Hi everybody, heres an update on the Linux unfsd hole. The problem (as most may have found out by now looking at the diffs) was a buffer overrun in the code that was supposed to log failed mount attempts :-/ This means, the bug can be exploited even if your client is not listed in the exports file. In the meantime, I have released a fixed version. It's available from linux.mathematik.tu-darmstadt.de in /pub/linux/people/okir, the file's called nfs-server-2.2beta36.tar.gz. I had previously released 2.2beta35, but shortly after I uploaded it a bug was found in the handling of some mount requests. Note that the upgrade RPM for Caldera OpenLinux is nfs-server-2.2beta35-2, available from ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2. Despite the 35 in the name, it has the aforementioned mount problem fixed. Olaf -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okirat_private | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax okirat_private +-------------------- Why Not?! ----------------------- UNIX, n.: Spanish manufacturer of fire extinguishers.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:14:02 PDT