VID 12045
Severity 40
Port
Protocol UDP
Class RPC
Detailed Description The rpc.mountd daemon is vulnerable to an off-by-one overflow attack.
The Linux NFS utils package, nfs-utils, is a freely available NFS (Network File System) utility package for Linux-based operating systems. nfs-utils versions before 1.0.4 are vulnerable to a buffer overflow caused by an off-by-one error in the xlog function of mountd, which handles logging of requests. It is possible to exploit this issue via mountd.
A remote or local attacker could send a specially-crafted RPC (Remote Procedure Call) request to the rpc.mountd daemon to overflow a buffer and cause the daemon to crash. There is a possibility that this issue could be exploited to run arbitrary code in the context of mountd, which runs as root.

* Note: The rpc.mountd daemon will have been crashed by this check. Restarting the rpc.mountd service is therefore required in order to regain normal functionality.

* References:
http://www.securityfocus.com/archive/1/328946
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html

* Platforms Affected:
Linux NFS utils package (nfs-utils) before 1.0.4
Linux Any version
Recommendation Upgrade to the latest version of nfs-utils (1.0.4 or later), available from the Linux NFS development web site at http://sourceforge.net/projects/nfs/

For Red Hat Linux:
Upgrade to the latest nfs-utils package, as listed in Red Hat Linux Security Advisory RHSA-2003:206-05 at http://rhn.redhat.com/errata/RHSA-2003-206.html

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest nfs-utils package (nfs-utils_1.0-2woody1 or later), as listed in Debian Security Advisory DSA 349-1 at http://archives.neohapsis.com/archives/bugtraq/2003-07/0169.html

For SuSE Linux:
Upgrade to the latest nfs-utils package, as listed in SuSE Security Announcement SuSE-SA:2003:031 at http://www.suse.de/de/security/2003_031_nfs_utils.html

For Slackware Linux 8.1 and 9.0:
Upgrade to the latest nfs-utils package (1.0.4 or later), as listed in Slackware Security Advisory SSA:2003-195-01b at http://www.slackware.com/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.374504

For Turbolinux:
Upgrade to the latest version of nfs-utils, as listed in Turbolinux Security Advisory TLSA-2003-44 at http://www.securityfocus.com/advisories/5629

For Gentoo Linux:
Upgrade to the latest version of nfs-utils (1.0.5 or later), as listed in Gentoo Linux Security Announcement 200307-07 at http://www.linuxsecurity.com/advisories/gentoo_advisory-3476.html

For Trustix Secure Linux:
Upgrade to the latest nfs-utils package, as listed in Trustix Secure Linux Security Advisory #2003-0027 at http://www.linuxsecurity.com/advisories/trustix_advisory-3472.html

For Conectiva Linux:
Upgrade to the latest nfs-utils package, as listed in Conectiva Linux Security Announcement CLSA-2003:700 at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000700

For Immunix Secured OS 7+:
Upgrade to the latest version of nfs-utils (0.3.1-7_imnx_3 or later), as listed in Immunix Secured OS Security Advisory IMNX-2003-7+-018-01 at http://www.linuxsecurity.com/advisories/immunix_advisory-3466.html

For other distributions:
Contact your vendor for upgrade or patch information.
Related URL CVE-2003-0252 (CVE)
Related URL 8179 (SecurityFocus)
Related URL 12600 (ISS)