Date: 25 June 1999
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-1999.087 -- RHSA-1999:016-01
Potential security problem in Red Hat 5.2 nfs-server
25 June 1999
===========================================================================
Red Hat Software, Inc. has released the following advisory concerning a
security problem in root-squashing in the Red Hat 5.2 nfs-server package.
- --------------------------BEGIN INCLUDED TEXT--------------------
- ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Potential security problem in Red Hat 5.2 nfs-server.
Advisory ID: RHSA-1999:016-01
Issue date: 1999-06-24
Keywords: nfs-server root-squashing security
- ---------------------------------------------------------------------
1. Topic:
A potential security problem has been fixed in the nfs-server package.
2. Bug IDs fixed:
3. Relevant releases/architectures:
Red Hat Linux 5.2, all architectures
4. Obsoleted by:
5. Conflicts with:
6. RPMs required:
Intel: ftp://updates.redhat.com/5.2/i386
nfs-server-2.2beta44.i386.rpm
nfs-server-clients2.2beta44.i386.rpm
Alpha: ftp://updates.redhat.com/5.2/alpha
nfs-server-2.2beta44.alpha.rpm
nfs-server-clients-2.2beta44.alpha.rpm
Sparc: ftp://updates.redhat.com/5.2/sparc
nfs-server-2.2beta44.sparc.rpm
nfs-server-clients-2.2beta44.sparc.rpm
7. Problem description:
A change to 32 bit uid_t's within glibc 2.0.x has opened a potential
hole in root-squashing.
8. Solution:
9. Verification:
MD5 sum Package Name
- --------------------------------------------------------------------------
98bd10854eb9da9ee48d2217055a6979 SRPMS/nfs-server-2.2beta44-1.src.rpm
28da963f934cd376f8cfd0ce7c56747c alpha/nfs-server-2.2beta44-1.alpha.rpm
894c145fa449c7444b155304a1c5c29e alpha/nfs-server-clients-2.2beta44-1.alpha.rpm
0780a208a3053c0e127bfee37eb255e3 i386/nfs-server-2.2beta44-1.i386.rpm
823cae1b9bf28640ff933d1783d581c4 i386/nfs-server-clients-2.2beta44-1.i386.rpm
e2578175851a9c50975d289ae4baebfd sparc/nfs-server-2.2beta44-1.sparc.rpm
e66a63a62f6988ad6885f7a1acb746a8 sparc/nfs-server-clients-2.2beta44-1.sparc.rp
These packages are also PGP signed by Red Hat Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html
10. References:
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It will
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBN3jZgyh9+71yA2DNAQGsuAQAmaDz5JYPswWi9laIma8u03yZ9gHanTRH
mqXNf+tqB95Lr2dvWLSg+9gzY1osnHLGvMiEBTgsi/Zl9k3wTz0+s7/Kd2P7dsiT
gaS3NwqweuJ6DaEiartQ5ONgyWxh4ddPEZp38Rnr6NnWzZ/+WSp+4HIxekqiKnRb
rQyNl9u4B2Q=
=ZbK5
-----END PGP SIGNATURE-----
|