Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-072: nfs Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the nfs packages
Detailed Explanation for this Vulnerability Test
Updated nfs-utils packages that fix a flaw leading to possible rpc.mountd
crashes are now available.
The nfs-utils package contains the rpc.mountd program, which implements the
NFS mount protocol.
A flaw was discovered in versions of rpc.mountd in nfs-utils versions after
1.0.3 and prior to 1.0.6. When mounting a directory, rpc.mountd could
crash if the reverse lookup of the client in DNS failed to match the
forward lookup. An attacker who has the ability to mount remote
directories from a server could make use of this flaw to cause a denial of
service by making rpc.mountd crash.
Users are advised to upgrade to these updated packages, which contain
nfs-utils 1.0.6 and are not vulnerable to this issue.
NOTE: Red Hat Enterprise Linux 2.1 includes a version of rpc.mountd that is
not vulnerable to this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2004-072.html
Threat Level: High