pilla Bodhisattva
Joined: 07 Aug 2002 Posts: 7729 Location: Underworld
|
Posted: Sat Jul 19, 2003 8:57 pm Post subject: [gentoo-announce] GLSA: nfs-utils (200307-07) |
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-07
- - - ---------------------------------------------------------------------
PACKAGE : nfs-utils
SUMMARY : off by one bug
DATE : 2003-07-19 15:13 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <nfs-utils-1.0.4
FIXED VERSION : >=nfs-utils-1.0.4
CVE : CAN-2003-0252
- - - ---------------------------------------------------------------------
quote from advisory:
"Local or remote attacker which is capable to send RPC request to
vulnerable mountd daemon could execute artitrary code or cause
denial of service."
read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-fs/nfs-utils upgrade to nfs-utils-1.0.5 as follows
emerge sync
emerge nfs-utils
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/GWAqfT7nyhUpoZMRAnjDAKCCDYQRPaOlWu9x20mqyzCAqlEIMQCfcIOZ
KpTLSUKZcBJxYS+UyBVjOhU=
=ljzz
-----END PGP SIGNATURE----- _________________ "I'm just very selective about the reality I choose to accept." -- Calvin |
|