On Mon, 28 Sep 1998, John Caldwell wrote: > I'm sorry i omitted this information in my first post: > > OS: Linux (Redhat 5.1) > > NFS package version: nfs-server-2.2beta29-5 > > As a couple people have pointed out to me, redhat released a patch for this a few weeks ago. I use autorpm to update my packages, and for some reason it didnt figure out that there was a new version of the nfs package. That combined with the fact that when i couldnt find anything in the bugtraq archives for anything on mountd, I figured this was a new bug... oops. Theres also nothing new about a mountd exploit on rootshell, but somebody figured out one-- the guy who used it on my box was our favorite haxor the "script kiddie." Oh well.. since nobody posted the original redhat errata here goes: http://www.redhat.com/support/docs/rhl/rh51-errata-general.html#nfs Package: nfs Updated: 28-Aug-1998 Problem: (28-Aug-1998)Security Fix: Potential security problems have been identified in all versions of nfs-server packages shipped with Red Hat Linux. Users of Red Hat Linux are recommended to upgrade to the new packages available under updates directory on our ftp site. Solution: Intel: Upgrade to: nfs-server-2.2beta29-7.i386.rpm nfs-server-clients-2.2beta29-7.i386.rpm Alpha: Upgrade to: nfs-server-2.2beta29-7.alpha.rpm nfs-server-clients-2.2beta29-7.alpha.rpm SPARC: Upgrade to: nfs-server-2.2beta29-7.sparc.rpm nfs-server-clients-2.2beta29-7.sparc.rpm -- ------------------------- | John Caldwell | jcaldat_private | http://www.lake.ml.org/ -------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:09 PDT