Date: Fri, 4 Sep 1998 18:31:55 +0000
From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of netstd fixes root exploit in rpc.mountd

Description
-----------

The program rpc.mountd is a mount daemon that handles NFS mounts. The
version as shipped with current distributions of Linux contains a buffer
overflow.

Impact
------

The overflow can be used as part of an attack to gain root access on the
machine acting as NFS server.

We recommend you upgrade your netstd package immediately.

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

This version of Debian was released only for the Intel and the
Motorola 68xxx architecture.

  Source archives:

    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1.diff.gz
      MD5 checksum: d7b91ec56438cc64196ed2f0bb45c65e
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1.dsc
      MD5 checksum: be9b1a9dc644024e5a7e4dac486e72b2
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_i386.changes
      MD5 checksum: 1e852459e68e37b26c243924d3b20a4f

  Intel architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_i386.deb
      MD5 checksum: 2d5bdea2d343211313693bd177d793ff
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_m68k.changes
      MD5 checksum: 332c723f3616b1ae8467058aefd84ee4

  Motorola 68xxx architecture:

    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_m68k.deb
      MD5 checksum: ebc9276b22df119827c1da54575bccc1

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/hamm/binary-$arch/net/ soon.

For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux . Security Managers . security@debian.org
http://www.debian.org/security/
Christian Hudon <chrish@debian.org> . Wichert Akkermann <wakkerma@debian.org> . Martin Schulze <joey@debian.org>