980 – NFS/MOUNTD problem?

Bug 980 - NFS/MOUNTD problem?

Summary: NFS/MOUNTD problem?

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	nfs-server
Sub Component:
Version:	5.1
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	David Lawrence
QA Contact:
Docs Contact:
URL:	http://www.redhat.com/errata
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-01-28 00:56 UTC by atsekhan
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	1999-01-28 15:43:13 UTC
Embargoed:

Attachments	(Terms of Use)

Description atsekhan 1999-01-28 00:56:14 UTC

It appears that NFS server and/or client and/or MOUNTD has
a security bug which allows an intruder to add shell
accounts to the /etc/passwd file. We had an attemted
breakin stopped only after the intruder tripped certain
security measures installed on the machine, but AFTER
successfull unauthorized login.
The NFS server was installed and running even though
NOTHING was shared through the NFS.

If you need more info on the subject, please contact
Alex Tsekhansky @

atsekhan

If this is a known bug, I would appreciate the info on the
fix.

Comment 1 Bill Nottingham 1999-01-28 15:43:59 UTC

upgrade to the latest nfs-* from the errata.

Note You need to log in before you can comment on or make changes to this bug.