4097451 1999-06-25  02:38  /88 lines/ Postmaster
Recipient: Bugtraq (import) <6835>
Subject: [RHSA-1999:016-01] Potential security problem in Red Hat 5. 
------------------------------------------------------------
             nfs-server. (fwd)
Approved-By: aleph1@UNDERGROUND.ORG
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.10.9906250032020.11349-100000@twix.thrijswijk.nl>
Date:         Fri, 25 Jun 1999 00:32:15 +0200
Reply-To: Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL>
To: BUGTRAQ@NETSPACE.ORG

From: Jeff Johnson <jbj@redhat.com>

---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		Potential security problem in Red Hat 5.2 nfs-server.
Advisory ID:		RHSA-1999:016-01
Issue date:		1999-06-24
Keywords:		nfs-server root-squashing security
---------------------------------------------------------------------

1. Topic:

A potential security problem has been fixed in the nfs-server package.

2. Bug IDs fixed:

3. Relevant releases/architectures:

Red Hat Linux 5.2, all architectures

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Intel: ftp://updates.redhat.com/5.2/i386

	nfs-server-2.2beta44.i386.rpm
	nfs-server-clients-2.2beta44.i386.rpm

Alpha: ftp://updates.redhat.com/5.2/alpha

	nfs-server-2.2beta44.alpha.rpm
	nfs-server-clients-2.2beta44.alpha.rpm

Sparc: ftp://updates.redhat.com/5.2/sparc

	nfs-server-2.2beta44.sparc.rpm
	nfs-server-clients-2.2beta44.sparc.rpm

7. Problem description:

A change to 32 bit uid_t's within glibc 2.0.x has opened a potential
hole in root-squashing.

8. Solution:

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
98bd10854eb9da9ee48d2217055a6979  SRPMS/nfs-server-2.2beta44-1.src.rpm
28da963f934cd376f8cfd0ce7c56747c  alpha/nfs-server-2.2beta44-1.alpha.rpm
894c145fa449c7444b155304a1c5c29e  alpha/nfs-server-clients-2.2beta44-1.alpha.rpm
0780a208a3053c0e127bfee37eb255e3  i386/nfs-server-2.2beta44-1.i386.rpm
823cae1b9bf28640ff933d1783d581c4  i386/nfs-server-clients-2.2beta44-1.i386.rpm
e2578175851a9c50975d289ae4baebfd  sparc/nfs-server-2.2beta44-1.sparc.rpm
e66a63a62f6988ad6885f7a1acb746a8  sparc/nfs-server-clients-2.2beta44-1.sparc.rp

These packages are also PGP signed by Red Hat Inc. for security.  Our
key is available at:

http://www.redhat.com/corp/contact.html

10. References:


