drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in nfs-utils
Name: |
Pufferüberlauf in nfs-utils
|
|
ID: |
CSSA-2003-037.0 |
|
Distribution: |
SCO OpenLinux |
|
Plattformen: |
SCO OpenLinux 3.1.1 Server, SCO OpenLinux 3.1.1 Workstation |
|
Datum: |
Di, 18. November 2003, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Linux NFS Utilities |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: Linux NFS utils package contains remotely exploitable off-by-one bug Advisory number: CSSA-2003-037.0 Issue date: 2003 November 17 Cross reference: sr882699 fz528148 erg712382 ______________________________________________________________________________
1. Problem Description
Janusz Niewiadomski has discovered an off-by-one overflow in xlog() in the nfs-utils package. It is rumoured this bug is exploitable, however as it writes a single zero byte to memory, an exploit may be difficult to write.
CAN-2003-0252 Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
2. Vulnerable Supported Versions
System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to nfs-0.2.1-12.i386.rpm prior to nfs-lockd-0.2.1-12.i386.rpm prior to nfs-server-0.2.1-12.i386.rpm
OpenLinux 3.1.1 Workstation prior to nfs-0.2.1-12.i386.rpm prior to nfs-lockd-0.2.1-12.i386.rpm prior to nfs-server-0.2.1-12.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-037.0/RPMS
4.2 Packages
30ea43154970596e70e4fe28d975384e nfs-0.2.1-12.i386.rpm 680b5214c57a02e1265229458ae881d3 nfs-lockd-0.2.1-12.i386.rpm 32ee130750f4502fc5bfb51ed46bbbd9 nfs-server-0.2.1-12.i386.rpm
4.3 Installation
rpm -Fvh nfs-0.2.1-12.i386.rpm rpm -Fvh nfs-lockd-0.2.1-12.i386.rpm rpm -Fvh nfs-server-0.2.1-12.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-037.0/SRPMS
4.5 Source Packages
da4e028d9ffe374c7be7e24ffad2b360 nfs-0.2.1-12.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-037.0/RPMS
5.2 Packages
40c11bad18969b6587a9d94b79c2e41c nfs-0.2.1-12.i386.rpm f98629ebc8412a30a1ab6fe16ea55f77 nfs-lockd-0.2.1-12.i386.rpm 6407294bbb284c9e42f2769ef9941e8a nfs-server-0.2.1-12.i386.rpm
5.3 Installation
rpm -Fvh nfs-0.2.1-12.i386.rpm rpm -Fvh nfs-lockd-0.2.1-12.i386.rpm rpm -Fvh nfs-server-0.2.1-12.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
f47fea29ce99c7979c50ffb3e91ddf99 nfs-0.2.1-12.src.rpm
6. References
Specific references for this advisory: http://marc.theaimsgroup.com/?l=bugtraq&m=105839032403325&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0252
SCO security resources: http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr882699 fz528148 erg712382.
7. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
8. Acknowledgements
SCO would like to thank Janusz Niewiadomski for reporting this issue.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/uU5lbluZssSXDTERAjKTAKCwv9o4wj3AnK++/g6/MObc4WFUFgCgqdA8 xmjzczTc7zXZECQEkCsW3M4= =Kq/p -----END PGP SIGNATURE-----
|
|
|
|