(RHSA-2004:072) nfs-utils security update

2004-03-11T05:00:00
ID RHSA-2004:072
Type redhat
Reporter RedHat
Modified 2017-07-29T20:25:51

Description

The nfs-utils package contains the rpc.mountd program, which implements the NFS mount protocol.

A flaw was discovered in versions of rpc.mountd in nfs-utils versions after 1.0.3 and prior to 1.0.6. When mounting a directory, rpc.mountd could crash if the reverse lookup of the client in DNS failed to match the forward lookup. An attacker who has the ability to mount remote directories from a server could make use of this flaw to cause a denial of service by making rpc.mountd crash.

Users are advised to upgrade to these updated packages, which contain nfs-utils 1.0.6 and is not vulnerable to this issue.

NOTE: Red Hat Enterprise Linux 2.1 includes a version of rpc.mountd that is not vulnerable to this issue.