Bug 1391 - nfs-server-2.2beta37-0 in 4.2 is still vulnerable to mountd attacks
nfs-server-2.2beta37-0 in 4.2 is still vulnerable to mountd attacks
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: nfs-server (Show other bugs)
4.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-03-01 16:09 EST by Chaskiel Grundman
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-05-16 17:58:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chaskiel Grundman 1999-03-01 16:09:41 EST
The summary basically says it. I run a single 4.2 nfs server
on campus to support the installation of workstations. For
the last month or so, mountd on this server has repeatedly
segfaulted. The debug log shows nothing useful. I have a
packet trace (including all the data) from an attack that
used the portmapper, but not the exploit program itself.
The string 'Privet ADMcrew' appears in the packet

I'm pretty sure I'm running the most recent nfs-server
release:

linuxbuild /dist/src  > rpm -q nfs-server
nfs-server-2.2beta37-0
linuxbuild /dist/src  > rpm -V nfs-server
S.5....T c /etc/exports
....L... c /etc/rc.d/rc0.d/K20nfs
....L... c /etc/rc.d/rc1.d/K20nfs
....L... c /etc/rc.d/rc2.d/K20nfs
....L... c /etc/rc.d/rc3.d/S60nfs
.M...... c /etc/rc.d/rc5.d/S60nfs
....L... c /etc/rc.d/rc6.d/K20nfs
missing    /usr/doc/nfs-server-2.2beta37
missing    /usr/doc/nfs-server-2.2beta37/NEWS
missing    /usr/doc/nfs-server-2.2beta37/README
linuxbuild /dist/src  > rpm -V -p
/dist/redhat/updates/RPMS/nfs-server-2.2beta37-0.i386.rpm
S.5....T c /etc/exports
....L... c /etc/rc.d/rc0.d/K20nfs
....L... c /etc/rc.d/rc1.d/K20nfs
....L... c /etc/rc.d/rc2.d/K20nfs
....L... c /etc/rc.d/rc3.d/S60nfs
.M...... c /etc/rc.d/rc5.d/S60nfs
....L... c /etc/rc.d/rc6.d/K20nfs
missing    /usr/doc/nfs-server-2.2beta37
missing    /usr/doc/nfs-server-2.2beta37/NEWS
missing    /usr/doc/nfs-server-2.2beta37/README
linuxbuild /dist/src  > md5
/dist/redhat/updates/RPMS/nfs-server-2.2beta37-0.i386.rpm
MD5
(/dist/redhat/updates/RPMS/nfs-server-2.2beta37-0.i386.rpm)
= 31cf25a52d81b411b5771c8068a4bcec
Comment 1 David Lawrence 1999-03-02 16:18:59 EST
Assigned bug to a developer for further review
Comment 2 Jeff Johnson 1999-04-09 14:50:59 EDT
Please reopen this bug if you have enough information about
the exploit for us to fix the problem.

Note You need to log in before you can comment on or make changes to this bug.