Mandriva Advisories

Package name: nfs-utils
Date: July 21st, 2003
Advisory ID: MDKSA-2003:076
Affected versions: 8.2, 9.0, 9.1, CS2.1
Synopsis: Updated nfs-utils packages fix buffer overflow

Problem Description

An off-by-one buffer overflow was found in the logging code in
nfs-utils when adding a newline to the string being logged. This
could allow an attacker to execute arbitrary code or cause a DoS
(Denial of Service) on the server by sending certain RPC requests.
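
The bug class described above, as an added C example (not the nfs-utils source and not part of the original advisory). The function names and the 8-byte buffer are hypothetical; the code computes how far a blind newline append overruns a full buffer and gives a bounds-checked alternative.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bug class from the advisory (illustrative, not the nfs-utils source):
 * after formatting into buf[cap], blindly appending '\n' and '\0' needs
 * len + 2 bytes. With a full buffer (len == cap - 1) the terminator lands
 * at buf[cap]. Returns how many bytes past the end that append would write. */
size_t blind_append_overrun(size_t len, size_t cap)
{
    return len + 2 > cap ? len + 2 - cap : 0;
}

/* Hardened form: format, then add the newline only inside the bounds,
 * sacrificing the last character when the message filled the buffer.
 * Returns the final string length. */
size_t log_format(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    size_t len;

    if (cap < 2) {                     /* no room for '\n' plus '\0' */
        if (cap) buf[0] = '\0';
        return 0;
    }
    va_start(ap, fmt);
    vsnprintf(buf, cap, fmt, ap);      /* truncates, always NUL-terminates */
    va_end(ap);

    len = strlen(buf);                 /* guaranteed <= cap - 1 */
    if (len > 0 && buf[len - 1] == '\n')
        return len;                    /* already newline-terminated */
    if (len + 2 > cap)
        len = cap - 2;                 /* no room: overwrite last character */
    buf[len++] = '\n';
    buf[len] = '\0';
    return len;
}

int main(void)
{
    char buf[8];                       /* constructed, deliberately tiny */
    size_t n = log_format(buf, sizeof buf, "%s", "AAAAAAAAAAAA");
    printf("blind append would overrun by %zu byte(s)\n",
           blind_append_overrun(sizeof buf - 1, sizeof buf));
    printf("hardened result: %zu bytes, ends in newline: %d\n",
           n, buf[n - 1] == '\n');
    return 0;
}
```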

Updated Packages

Mandrakelinux 8.2

4c558ba4b7fdb4b42822e9d73878a508  8.2/RPMS/nfs-utils-0.3.3-3.1mdk.i586.rpm
9f1f54ab94f3abd067a5e40b6d81100a  8.2/RPMS/nfs-utils-clients-0.3.3-3.1mdk.i586.rpm
672f5a3ca5f042bef35d9f8427cad174  8.2/SRPMS/nfs-utils-0.3.3-3.1mdk.src.rpm

Mandrakelinux 8.2/PPC

11bc4cf63a43a2f6f6e6913c207717d1  ppc/8.2/RPMS/nfs-utils-0.3.3-3.1mdk.ppc.rpm
f4e1d4eb7c9cebb6d356c26472382155  ppc/8.2/RPMS/nfs-utils-clients-0.3.3-3.1mdk.ppc.rpm
672f5a3ca5f042bef35d9f8427cad174  ppc/8.2/SRPMS/nfs-utils-0.3.3-3.1mdk.src.rpm

Mandrakelinux 9.0

afe02ce4c5f8ca99c44ec7e86c2a87b1  9.0/RPMS/nfs-utils-1.0.1-1.1mdk.i586.rpm
2101dbdd6f7a09daf744b2405db03244  9.0/RPMS/nfs-utils-clients-1.0.1-1.1mdk.i586.rpm
b49f189c0cd2ffa058e1facaac42e1b3  9.0/SRPMS/nfs-utils-1.0.1-1.1mdk.src.rpm

Mandrakelinux 9.1

374e0e896893eed5574bd07e5fc3e98a  9.1/RPMS/nfs-utils-1.0.1-1.1mdk.i586.rpm
bead87e084c6c8af03d7cddd3eab8725  9.1/RPMS/nfs-utils-clients-1.0.1-1.1mdk.i586.rpm
b49f189c0cd2ffa058e1facaac42e1b3  9.1/SRPMS/nfs-utils-1.0.1-1.1mdk.src.rpm

Mandrakelinux 9.1/PPC

8884a5489b3973660c266dc261826c87  ppc/9.1/RPMS/nfs-utils-1.0.1-1.1mdk.ppc.rpm
53362acc8a956809004c08f3cf3428ba  ppc/9.1/RPMS/nfs-utils-clients-1.0.1-1.1mdk.ppc.rpm
b49f189c0cd2ffa058e1facaac42e1b3  ppc/9.1/SRPMS/nfs-utils-1.0.1-1.1mdk.src.rpm

Corporate Server 2.1

afe02ce4c5f8ca99c44ec7e86c2a87b1  corporate/2.1/RPMS/nfs-utils-1.0.1-1.1mdk.i586.rpm
2101dbdd6f7a09daf744b2405db03244  corporate/2.1/RPMS/nfs-utils-clients-1.0.1-1.1mdk.i586.rpm
b49f189c0cd2ffa058e1facaac42e1b3  corporate/2.1/SRPMS/nfs-utils-1.0.1-1.1mdk.src.rpm

Corporate Server 2.1/X86_64

1cd88757f7fe256a7ceb5d9cc61635d8  x86_64/corporate/2.1/RPMS/nfs-utils-1.0.1-1.1mdk.x86_64.rpm
8e3d571ba1288eb3b54e8652a7f47626  x86_64/corporate/2.1/RPMS/nfs-utils-clients-1.0.1-1.1mdk.x86_64.rpm
b49f189c0cd2ffa058e1facaac42e1b3  x86_64/corporate/2.1/SRPMS/nfs-utils-1.0.1-1.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0252

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.