Bugtraq mailing list archives
Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD
From: sstone () UME PHT CO JP (Scott Stone)
Date: Wed, 19 Aug 1998 17:56:47 +0900
On Tue, 18 Aug 1998, RSI Advise wrote:
Announced: July 14, 1998 Report code: RSI.0008.08-18-98.ALL.RPC_PCNFSD Report title: All rpc.pcnfsd Vulnerability: Please see the details section Vendor status: IBM contacted on August 3, 1998 Hewlett Packard contacted on August 3, 1998 Sun Microsystems contacted on August 3, 1998 Slackware contacted on August 3, 1998 Patch status: Linux and AIX patch information is provided below Platforms: Vulnerable: AIX: 4.0, 4.1, 4.2, 4.3 HP-UX: 7.x, 8.x, 9.x, 10.x, 11.x SunOS: 4.1.3, 4.1.4 Solaris: 2.3, 2.4, 2.5, 2.5.1, 2.6 Redhat Linux: 4.0, 4.1, 4.2, 5.0, 5.1 Slackware Linux: 3.0, 3.1, 3.2, 3.3, 3.4, 3.5 OSF: 3.2
OK, TurboLinux 2.0 is NOT vulnerable, and neither is Redhat 5.1 despite what it says up there. Why? Because neither TL nor RH 5.1 even include rpc.pcnfsd (checked by querying every RPM package in both distributions, grepping for 'pcnfs' -- no matches). If the intent was to say that the Linux version of rpc.pcnfsd (and the AIX version, i suppose) have this vulnerability, then please don't go naming distributions that don't include it, since it's not the responsibility of the distribution vendor to fix a package that's not part of the distribution. Was notification sent to the author/maintainer(s) of rpc.pcnfsd? -------------------------------------------------- Scott M. Stone <sstone () pht com, sstone () turbolinux com> <sstone () pht co jp> Head of TurboLinux Development/Systems Administrator Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan) http://www.pht.com http://armadillo.pht.co.jp http://www.pht.co.jp http://www.turbolinux.com
Current thread:
- RSI.0008.08-18-98.ALL.RPC_PCNFSD RSI Advise (Aug 18)
- Microsoft Security Bulletin (MS98-011) (fwd) brian j. peterson (Aug 18)
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Scott Stone (Aug 19)
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Casper Dik (Aug 19)
- <Possible follow-ups>
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Brian Martin (Aug 19)
- Serious bug in Cisco PIX Robert Ståhlbrand (Aug 19)
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Alan Cox (Aug 19)
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Joseph E. Vornehm Jr. (Aug 19)
- Security Bulletins Digest (fwd) Piotr Strzy¿ewski (Aug 19)
- Re: RSI.0008.08-18-98.ALL.RPC_PCNFSD Volker Borchert (Aug 19)