Hide Forgot
The summary basically says it. I run a single 4.2 nfs server on campus to support the installation of workstations. For the last month or so, mountd on this server has repeatedly segfaulted. The debug log shows nothing useful. I have a packet trace (including all the data) from an attack that used the portmapper, but not the exploit program itself. The string 'Privet ADMcrew' appears in the packet I'm pretty sure I'm running the most recent nfs-server release: linuxbuild /dist/src > rpm -q nfs-server nfs-server-2.2beta37-0 linuxbuild /dist/src > rpm -V nfs-server S.5....T c /etc/exports ....L... c /etc/rc.d/rc0.d/K20nfs ....L... c /etc/rc.d/rc1.d/K20nfs ....L... c /etc/rc.d/rc2.d/K20nfs ....L... c /etc/rc.d/rc3.d/S60nfs .M...... c /etc/rc.d/rc5.d/S60nfs ....L... c /etc/rc.d/rc6.d/K20nfs missing /usr/doc/nfs-server-2.2beta37 missing /usr/doc/nfs-server-2.2beta37/NEWS missing /usr/doc/nfs-server-2.2beta37/README linuxbuild /dist/src > rpm -V -p /dist/redhat/updates/RPMS/nfs-server-2.2beta37-0.i386.rpm S.5....T c /etc/exports ....L... c /etc/rc.d/rc0.d/K20nfs ....L... c /etc/rc.d/rc1.d/K20nfs ....L... c /etc/rc.d/rc2.d/K20nfs ....L... c /etc/rc.d/rc3.d/S60nfs .M...... c /etc/rc.d/rc5.d/S60nfs ....L... c /etc/rc.d/rc6.d/K20nfs missing /usr/doc/nfs-server-2.2beta37 missing /usr/doc/nfs-server-2.2beta37/NEWS missing /usr/doc/nfs-server-2.2beta37/README linuxbuild /dist/src > md5 /dist/redhat/updates/RPMS/nfs-server-2.2beta37-0.i386.rpm MD5 (/dist/redhat/updates/RPMS/nfs-server-2.2beta37-0.i386.rpm) = 31cf25a52d81b411b5771c8068a4bcec
Assigned bug to a developer for further review
Please reopen this bug if you have enough information about the exploit for us to fix the problem.