Bugtraq mailing list archives

Re: mountd- more info (sorry)

From: cdale () HOME ISOLNET COM (RHS Linux User)
Date: Tue, 29 Sep 1998 03:42:14 -0500


Hi!
That version is indeed vulnerable.  This from
http://www.redhat.com/errata:

    Package: nfs

   Updated: 28-Aug-1998

   Problem:
     * (28-Aug-1998)Security Fix: Potential security problems have been
       identified in all versions of nfs-server packages shipped with Red
       Hat Linux.
       Users of Red Hat Linux are recommended to upgrade to the new
       packages available under updates directory on our ftp site.

   Solution:
     * Intel: Upgrade to:
       nfs-server-2.2beta29-7.i386.rpm
       nfs-server-clients-2.2beta29-7.i386.rpm
     * Alpha: Upgrade to:
       nfs-server-2.2beta29-7.alpha.rpm
       nfs-server-clients-2.2beta29-7.alpha.rpm
     * SPARC: Upgrade to:
    nfs-server-clients-2.2beta29-7.sparc.rpm


sillyhead

silly () redhat com

fnord.


On Mon, 28 Sep 1998, John Caldwell wrote:

I'm sorry i omitted this information in my first post:

OS: Linux (Redhat 5.1)

NFS package version: nfs-server-2.2beta29-5


--
 -------------------------
| John Caldwell
| jcald () lake ml org
| http://www.lake.ml.org/
 -------------------------

Current thread:

Re: 1+2=3, +++ATH0=Old school DoS, (continued)
- - Re: 1+2=3, +++ATH0=Old school DoS John M. Flinchbaugh (Sep 28)
    - SHADOW group research indicates distributed probes and attacks Patrick Oonk (Sep 28)
    - Re: 1+2=3, +++ATH0=Old school DoS Adrian Gonzalez (Sep 28)
    - Modem ATH0 thread route () RESENTMENT INFONEXUS COM (Sep 28)
    - IRIX 6.2 passwordless accounts exploit? Dan Stromberg (Sep 28)
    - Re: IRIX 6.2 passwordless accounts exploit? D.A. Harris (Sep 28)
    - Re: IRIX 6.2 passwordless accounts exploit? Eugene Bradley (Sep 28)
    - Re: Solaris non-root login (was: IRIX 6.2 pass...) Richard Yates SPG (Sep 29)
    - mountd- more info (sorry) John Caldwell (Sep 28)
    - Bay Accelar 1000 series Steven Hearon (Sep 28)
    - Re: mountd- more info (sorry) RHS Linux User (Sep 29)
    - rpc.mountd vulnerabilities tiago (Sep 29)
    - Re: rpc.mountd vulnerabilities morex .- (Sep 29)
    - Snork exploit route () RESENTMENT INFONEXUS COM (Sep 29)
    - Re: rpc.mountd vulnerabilities Alan Brown (Sep 29)
    - IRIX Mail(1)/mailx(1) Security Issues SGI Security Coordinator (Sep 29)
    - IRIX On-Line Customer Registration Vulnerabilities SGI Security Coordinator (Sep 29)
    - IRIX mail(1)/rmail(1M)/sendmail(1M) Security Vulnerabilities SGI Security Coordinator (Sep 29)
    - Re: rpc.mountd vulnerabilities Olaf Kirch (Sep 30)
    - ISS Security Advisory: Snork X-Force (Sep 29)
    - Re: mountd- more info (sorry) John Caldwell (Sep 29)

(Thread continues...)