Info

Disclosure

Nov 09, 1999

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in NFS Server. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long pathname on a read-write mounted NFS directory, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

Products

Software in the Public Interest, Inc.

Debian Linux

2.1

Red Hat, Inc.	Linux	5.2
		4.2

Slackware Linux, Inc.

Slackware

7.0

SUSE LINUX AG	SUSE LINUX	6.2
		6.1

SCO Group, Inc.

Caldera OpenLinux

2.3

References

CVE ID: 1999-0832 (see also: NVD)
ISS X-Force ID: 3501
Bugtraq ID: 782
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1549.html
http://archives.neohapsis.com/archives/bugtraq/1999-q4/0165.html
Vendor URL: http://nfs.sourceforge.net/
Vendor Specific Advisory URL: http://www.caldera.com/support/security/advisories/CSSA-1999-033.0.txt
http://www.debian.org/security/1999/19991111
http://www.suse.de/de/security/suse_security_announce_29.txt

Credit

Mariusz Marcinkiewicz - tmoggzigzag.pl -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Software in the Public Interest, Inc.

Debian Linux

Red Hat, Inc.

Linux

Slackware Linux, Inc.

Slackware

SUSE LINUX AG

SUSE LINUX

SCO Group, Inc.

Caldera OpenLinux

References

Credit