4334 matches found
RHEL 2.1 : nfs-utils (RHSA-2005:014)
An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools. SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd...
Important: Red Hat Security Advisory: nfs-utils security update
An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools. SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd...
Mandrake Linux Security Advisory : nfs-utils (MDKSA-2005:005)
Arjan van de Ven discovered a buffer overflow in rquotad on 64-bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code. The updated...
CVE-2004-1014
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated...
CVE-2004-1387
The checkforensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files...
CVE-2004-0946
CVE-2004-0946 affects nfs-utils: the rquotad component (rquota_server.c) on 64-bit architectures performs an unsafe 32-bit assumption during memcpy, causing a stack-based buffer overflow. This could allow remote code execution via crafted NFS requests. Public advisories confirm a fix in updated n...
RHEL 3 : nfs-utils (RHSA-2004:583)
An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools, providing a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains...
nfs-utils: Multiple remote vulnerabilities
Background: nfs-utils is a package containing the client and daemon implementations for the NFS protocol. Description: Arjan van de Ven has discovered a buffer overflow on 64-bit architectures in 'rquota_server.c' of nfs-utils (CAN-2004-0946). A remotely exploitable flaw on all architectures also exis...
GLSA-200412-08 : nfs-utils: Multiple remote vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200412-08 (nfs-utils: Multiple remote vulnerabilities). Arjan van de Ven has discovered a buffer overflow on 64-bit architectures in 'rquota_server.c' of nfs-utils (CAN-2004-0946). A remotely exploitable flaw on all architectures also...
[SECURITY] [DSA 606-1] New nfs-utils packages fix denial of service
Debian Security Advisory DSA 606-1, http://www.debian.org/security/, Martin Schulze, December 8th, 2004, http://www.debian.org/security/faq ...
CVE-2004-1014
CVE-2004-1014 affects statd in nfs-utils 1.257 and earlier, where SIGPIPE is not ignored, allowing a remote attacker to trigger a denial-of-service (server crash) via a prematurely terminated TCP connection. The OpenVAS, Ubuntu USN-36-1, Debian DSA 606-1, Gentoo GLSA 200412-08, and Red Hat RHSA-2...
DSA-606-1 nfs-utils - wrong signal handler
Bulletin has no description...
Debian DSA-606-1 : nfs-utils - wrong signal handler
SGI has discovered that rpc.statd from the nfs-utils package, the Network Status Monitor, did not ignore the 'SIGPIPE'. Hence, a client prematurely terminating the TCP connection could also terminate the server process...
Mandrake Linux Security Advisory : nfs-utils (MDKSA-2004:146)
SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the 'SIGPIPE' signal, which would cause it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely. The updated packages have been patched to...
Mandrake Linux Security Advisory : shadow-utils (MDKSA-2004:126)
A vulnerability in the shadow suite was discovered by Martin Schulze that can be exploited by local users to bypass certain security restrictions due to an input validation error in the passwdcheck function. This function is used by the chfn and chsh tools. The updated packages have been patched ...