A change to 32 bit uid_t’s within glibc 2.0.x has opened a
potential hole in root-squashing.
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Potential security problem in Red Hat 5.2 nfs-server. Advisory ID: RHSA-1999:016-01 Issue date: 1999-06-24 Keywords: nfs-server root-squashing security --------------------------------------------------------------------- 1. Topic: A potential security problem has been fixed in the nfs-server package. 2. Bug IDs fixed: 3. Relevant releases/architectures: Red Hat Linux 5.2, all architectures 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Intel: ftp://updates.redhat.com/5.2/i386 nfs-server-2.2beta44.i386.rpm nfs-server-clients2.2beta44.i386.rpm Alpha: ftp://updates.redhat.com/5.2/alpha nfs-server-2.2beta44.alpha.rpm nfs-server-clients-2.2beta44.alpha.rpm Sparc: ftp://updates.redhat.com/5.2/sparc nfs-server-2.2beta44.sparc.rpm nfs-server-clients-2.2beta44.sparc.rpm 7. Problem description: A change to 32 bit uid_t's within glibc 2.0.x has opened a potential hole in root-squashing. 8. Solution: 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 98bd10854eb9da9ee48d2217055a6979 SRPMS/nfs-server-2.2beta44-1.src.rpm 28da963f934cd376f8cfd0ce7c56747c alpha/nfs-server-2.2beta44-1.alpha.rpm 894c145fa449c7444b155304a1c5c29e alpha/nfs-server-clients-2.2beta44-1.alpha.rpm 0780a208a3053c0e127bfee37eb255e3 i386/nfs-server-2.2beta44-1.i386.rpm 823cae1b9bf28640ff933d1783d581c4 i386/nfs-server-clients-2.2beta44-1.i386.rpm e2578175851a9c50975d289ae4baebfd sparc/nfs-server-2.2beta44-1.sparc.rpm e66a63a62f6988ad6885f7a1acb746a8 sparc/nfs-server-clients-2.2beta44-1.sparc.rp These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html 10. References: -- To unsubscribe: mail redhat-watch-list-request@redhat.com with "unsubscribe" as the Subject.