Bugtraq mailing list archives
Re: mountd- more info (sorry)
From: jcald () LAKE ML ORG (John Caldwell)
Date: Tue, 29 Sep 1998 11:40:18 -0700
On Mon, 28 Sep 1998, John Caldwell wrote:
I'm sorry i omitted this information in my first post: OS: Linux (Redhat 5.1) NFS package version: nfs-server-2.2beta29-5
As a couple people have pointed out to me, redhat released a patch for this a few weeks ago. I use autorpm to update my packages, and for some reason it didnt figure out that there was a new version of the nfs package. That combined with the fact that when i couldnt find anything in the bugtraq archives for anything on mountd, I figured this was a new bug... oops. Theres also nothing new about a mountd exploit on rootshell, but somebody figured out one-- the guy who used it on my box was our favorite haxor the "script kiddie." Oh well.. since nobody posted the original redhat errata here goes: http://www.redhat.com/support/docs/rhl/rh51-errata-general.html#nfs Package: nfs Updated: 28-Aug-1998 Problem: (28-Aug-1998)Security Fix: Potential security problems have been identified in all versions of nfs-server packages shipped with Red Hat Linux. Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site. Solution: Intel: Upgrade to: nfs-server-2.2beta29-7.i386.rpm nfs-server-clients-2.2beta29-7.i386.rpm Alpha: Upgrade to: nfs-server-2.2beta29-7.alpha.rpm nfs-server-clients-2.2beta29-7.alpha.rpm SPARC: Upgrade to: nfs-server-2.2beta29-7.sparc.rpm nfs-server-clients-2.2beta29-7.sparc.rpm -- ------------------------- | John Caldwell | jcald () lake ml org | http://www.lake.ml.org/ -------------------------
Current thread:
- Re: mountd- more info (sorry), (continued)
- Re: mountd- more info (sorry) RHS Linux User (Sep 29)
- rpc.mountd vulnerabilities tiago (Sep 29)
- Re: rpc.mountd vulnerabilities morex .- (Sep 29)
- Snork exploit route () RESENTMENT INFONEXUS COM (Sep 29)
- Re: rpc.mountd vulnerabilities Alan Brown (Sep 29)
- IRIX Mail(1)/mailx(1) Security Issues SGI Security Coordinator (Sep 29)
- IRIX On-Line Customer Registration Vulnerabilities SGI Security Coordinator (Sep 29)
- IRIX mail(1)/rmail(1M)/sendmail(1M) Security Vulnerabilities SGI Security Coordinator (Sep 29)
- Re: rpc.mountd vulnerabilities Olaf Kirch (Sep 30)
- ISS Security Advisory: Snork X-Force (Sep 29)
- Re: mountd- more info (sorry) John Caldwell (Sep 29)
- Re: mountd- more info (sorry) Anthony C. Zboralski (Sep 30)
- more rpc.mountd jason valentine (Sep 30)
- Netscape Cache Exploit - source code Ken Williams (Sep 29)
- Re: IRIX 6.2 passwordless accounts exploit? Kevin Hawkins (Sep 30)
- Sun Security Bulletin #00176 joshua grubman (Sep 30)
- Re: IRIX 6.2 passwordless accounts exploit? morex .- (Sep 28)
- mountd remote exploit? John Caldwell (Sep 28)
- Re: mountd remote exploit? morex .- (Sep 28)
- Re: IRIX 6.2 passwordless accounts exploit? Charl Botha (Sep 29)
- Re: IRIX 6.2 passwordless accounts exploit? Renaud Deraison (Sep 29)