(Slackware Issues Updated Fix) 'nfs-utils' Buffer Overflow May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1007209 |
|
SecurityTracker URL: http://securitytracker.com/id/1007209
|
|
CVE Reference:
CVE-2003-0252
(Links to External Site)
|
Date: Jul 16 2003
|
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.0.3 and prior versions
|
Description:
An off-by one buffer overflow vulnerability was reported in 'nfs-utils'. A remote user may be able to execute arbitrary code on the target system.
Janusz Niewiadomski of iSEC Security Research reported that a remote user can send a specially crafted request to the rpc.mountd daemon to trigger an overflow in the xlog() logging function. If the user-supplied string is 1023 bytes or longer, the trailing null '\0' byte is written beyond the end of the buffer.
According to the report, a remote user can cause the daemon to crash or execute arbitrary code with the privileges of the daemon. However, Red Hat reported in advisory RHSA-2003:206-01 that "it is not believed that this bug could lead to remote arbitrary code execution."
|
Impact:
A remote user can send a specially crafted NFS request to cause the rpc.mountd daemon to crash or execute arbitrary code. The arbitrary code will run with the privileges of the daemon.
|
Solution:
Slackware has released a revised fix. The fix issued yesterday reportedly contained a but in 'utils/mountd/auth.c' that may cause mountd to crash.
The revised fix is:
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/nfs-utils-1.0.4-i386-2.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/nfs-utils-1.0.4-i386-2.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/nfs-utils-1.0.4-i486-2.tgz
The MD5 signatures are:
Slackware 8.1 package:
d1e44efb9052b7a57fcc2ac6cad09bca nfs-utils-1.0.4-i386-2.tgz
Slackware 9.0 package:
aa8a044fe98e91ac2d98c570fad19bdf nfs-utils-1.0.4-i386-2.tgz
Slackware -current package:
a391e67cd65d082ec3ee2e1cd97c9ac1 nfs-utils-1.0.4-i486-2.tgz
The vendor has provided the following installation instructions:
First, if the NFS server is running, stop it:
. /etc/rc.d/rc.nfsd stop
Then upgrade using upgradepkg (as root):
upgradepkg nfs-utils-1.0.4-i386-1.tgz
Finally, restart NFS services:
. /etc/rc.d/rc.nfsd start
|
Vendor URL: sourceforge.net/projects/nfs/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Slackware)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 15 Jul 2003 14:43:06 -0700 (PDT)
Subject: [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current
to replace the ones that were issued yesterday. A bug in has been fixed
in utils/mountd/auth.c that could cause mountd to crash.
Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue Jul 15 10:42:58 PDT 2003
patches/packages/nfs-utils-1.0.4-i386-2.tgz: Fixed a bug in the new
nfs-utils which can result in mountd crashing. Thanks to André Muezerie
for the report.
+--------------------------+
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/nfs-utils-1.0.4-i386-2.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/nfs-utils-1.0.4-i386-2.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/nfs-utils-1.0.4-i486-2.tgz
MD5 SIGNATURES:
+-------------+
Slackware 8.1 package:
d1e44efb9052b7a57fcc2ac6cad09bca nfs-utils-1.0.4-i386-2.tgz
Slackware 9.0 package:
aa8a044fe98e91ac2d98c570fad19bdf nfs-utils-1.0.4-i386-2.tgz
Slackware -current package:
a391e67cd65d082ec3ee2e1cd97c9ac1 nfs-utils-1.0.4-i486-2.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
First, if the NFS server is running, stop it:
. /etc/rc.d/rc.nfsd stop
Then upgrade using upgradepkg (as root):
upgradepkg nfs-utils-1.0.4-i386-1.tgz
Finally, restart NFS services:
. /etc/rc.d/rc.nfsd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/FHXUakRjwEAQIjMRAvrGAJ9s5l1Hj53t5oOZE4zmKVImepDI0QCeImoB
RCp7I6QSJRnCRKIga/qfFUg=
=ewCr
-----END PGP SIGNATURE-----
|
|
