---

Home Security

Debian Security Advisory: New version of nfs-server fixes remote exploit

By

Date: Thu, 11 Nov 1999 17:57:52 +0100
From: Wichert Akkerman <<a
href=”mailto:wichert@soil.nl”>wichert@soil.nl>
To: debian-security-announce@lists.debian.org

—–BEGIN PGP SIGNED MESSAGE—–

Debian Security Advisory security@debian.org
http://www.debian.org/security/
Wichert Akkerman
November 11, 1999

The version of nfs-server that was distributed in Debian
GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). It assumed
that the total length of a path would never exceed
(PATH_MAX_NAME_MAX). With a read/write exported directory people
could created longes path and cause a bufferoverflow.

This has been addressed in version 2.2beta37-1slink.1, and we
recommend you upgrade your nfs-server package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel, the Motorola
680×0, the alpha and the Sun sparc architecture.

Source archives:

http://security.debian.org/dists/stable/updates/source/nfs-server_2.2beta37-1slink.1.diff.gz
MD5 checksum: 277c6daafd5b6f3947908a40761473d1

http://security.debian.org/dists/stable/updates/source/nfs-server_2.2beta37-1slink.1.dsc
MD5 checksum: c9bcdd19e29055d420e1c50dee6425d4

http://security.debian.org/dists/stable/updates/source/nfs-server_2.2beta37.orig.tar.gz
MD5 checksum: afe0f88c48add25f304a387ae4fb40ba

Alpha architecture:

http://security.debian.org/dists/stable/updates/binary-alpha/nfs-server_2.2beta37-1slink.1_alpha.deb
MD5 checksum: 5e9d134fcc8834e5cf6a7dedb2394f7b

Intel ia32 architecture:

http://security.debian.org/dists/stable/updates/binary-i386/nfs-server_2.2beta37-1slink.1_i386.deb
MD5 checksum: f5c4f2cc59101dc15bfc66530cb4d9e1

Motorola 680×0 architecture:

http://security.debian.org/dists/stable/updates/binary-m68k/nfs-server_2.2beta37-1slink.1_m68k.deb
MD5 checksum: 672a8509a53f52d71efcde29b37780aa

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/binary-sparc/nfs-server_2.2beta37-1slink.1_sparc.deb
MD5 checksum: c882894e79ede2c9af4d52566db59971

These files will be moved into
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/
soon.

For not yet released architectures please refer to the
appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/
.

– —

For apt-get: deb http://security.debian.org/
stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

—–BEGIN PGP SIGNATURE—– Version: 2.6.3ia
Charset: noconv

iQB1AwUBOCr1jqjZR/ntlUftAQEXpgL8CB3ZmEi7fb9KXGcaksuVE2X0K8KR66eZ
tVcFqXKElX1KnLCzi5OQ38hPg6qHBLhiTKhhNcYNotTs+2uEHvjKhq4ml88tiv1k
7vE5ZARYXGWiOxfao20zYzuzg6Q8N4iN
=gTX8

—–END PGP SIGNATURE—–

Complete Story
Previous article
Next article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.