| VID |
12034 |
| Severity |
40 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The RPC mountd service has a buffer overflow vulnerability.
NFS is a distributed file system in which clients make use of file systems provided by servers. This software is usually called "mountd" or "rpc.mountd".
Certain implementations of rpc.mountd, primarily Linux systems contain a buffer overflow vulnerability in the mount daemon logging code which is supposed to log unauthorized mount attempts. It could allow a remote attacker to gain administrative access to the vulnerable NFS file server.
* Note: The RPC mountd service may be crashed by a buffer overflow test. Therefore restarting the service is required in order to regain normal functionality.
* References:
http://www.cert.org/advisories/CA-1998-12.html
ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
* Platforms Affected:
Caldera OpenLinux Any version
Linux Any version
Red Hat Linux Any version |
| Recommendation |
Apply the patch for this vulnerability, as listed in CERT Advisory CA-1998-12, http://www.cert.org/advisories/CA-1998-12.html
As a workaround, disable NFS services on your system. |
| Related URL |
CVE-1999-0002 (CVE) |
| Related URL |
121 (SecurityFocus) |
| Related URL |
1411 (ISS) |
|
