Date: Fri, 4 Sep 1998 18:31:55 +0000
From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of netstd fixes root exploit in rpc.mountd


Description
-----------

  The program rpc.mountd is a mount daemon that handles NFS mounts.
  The version as shipped with current distributions of Linux contains
  a buffer overflow.

Impact
------

  The overflow can be used as part of an attack to gain root access on
  the machine acting as NFS server.


We recommend you upgrade your netstd package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 68xxx architecture.

  Source archives:
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1.diff.gz
      MD5 checksum: d7b91ec56438cc64196ed2f0bb45c65e
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1.dsc
      MD5 checksum: be9b1a9dc644024e5a7e4dac486e72b2
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_i386.changes
      MD5 checksum: 1e852459e68e37b26c243924d3b20a4f

  Intel architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_i386.deb
      MD5 checksum: 2d5bdea2d343211313693bd177d793ff
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_m68k.changes
      MD5 checksum: 332c723f3616b1ae8467058aefd84ee4

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/proposed-updates/netstd_3.07-2hamm.1_m68k.deb
      MD5 checksum: ebc9276b22df119827c1da54575bccc1


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/hamm/binary-$arch/net/ soon.


For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
                   http://www.debian.org/security/
  Christian Hudon     .     Wichert Akkermann     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>   .   <joey@debian.org>
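
The advisory above lists an MD5 checksum under each URL, but the wget and
dpkg steps never use it. As an added example (not part of the Debian
advisory), this Python code parses the URL/checksum pairs and compares a
downloaded file against them before installation; the host, file names and
package bytes in it are constructed.

```python
import hashlib
import os
import re
import tempfile

# Constructed sample data: stand-in package plus an advisory-style excerpt.
SAMPLE_PACKAGE = b"constructed stand-in for a .deb file\n"
ADVISORY_EXCERPT = f"""\
  Intel architecture:
    ftp://ftp.example.org/updates/example_1.0-1_i386.deb
      MD5 checksum: {hashlib.md5(SAMPLE_PACKAGE).hexdigest()}
"""

PAIR_RE = re.compile(
    r"^[ \t]*(?P<url>(?:ftp|https?)://\S+)[ \t]*\n"
    r"[ \t]*MD5 checksum:[ \t]*(?P<md5>[0-9a-fA-F]{32})[ \t]*$", re.MULTILINE)

def parse_checksums(advisory_text):
    """Map each listed file name to the MD5 digest the advisory gives for it."""
    return {m["url"].rsplit("/", 1)[-1]: m["md5"].lower()
            for m in PAIR_RE.finditer(advisory_text)}

def md5_of(path):
    """Hash the file in chunks so a large package is not held in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, table):
    """True only if the file is listed in the advisory and its digest matches."""
    return table.get(os.path.basename(path)) == md5_of(path)

def demo():
    # Check an intact copy, a modified copy, and a file the advisory never lists.
    table = parse_checksums(ADVISORY_EXCERPT)
    with tempfile.TemporaryDirectory() as d:
        listed = os.path.join(d, "example_1.0-1_i386.deb")
        unlisted = os.path.join(d, "other_1.0-1_i386.deb")
        for p in (listed, unlisted):
            with open(p, "wb") as f:
                f.write(SAMPLE_PACKAGE)
        intact = verify(listed, table)
        with open(listed, "ab") as f:
            f.write(b"modified after download")
        return intact, verify(listed, table), verify(unlisted, table)

if __name__ == "__main__":
    print(demo())  # run dpkg -i only on a file whose check returned True
```

MD5 is no longer collision-resistant, so a match ties the download to the
advisory text only as far as that text itself is authentic.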


