int(1224)

Vulnerability Bulletins


Ejecución remota de código en nfs-utils

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Avanzado
Required attacker level Acceso remoto con cuenta

System information

Property Value
Affected manufacturer GNU/Linux
Affected software nfs-utils

Description

Existe una vulnerabilidad de desbordamiento de búfer en rquotad de nfs-utils.

Una conversión incorrecta de enteros en arquitecturas de 64 bits puede conllevar dicho desbordamiento.

Un atacante con acceso a NFS podría enviar una petición especialmente diseñada con el fin de ejecutar códifo arbitrario.

Solution



Actualizacion de software

Red Hat Linux

Red Hat Desktop (v. 3) & SRPMS:
nfs-utils-1.0.6-33EL.src.rpm

Red Hat Desktop (v. 3) & IA-32:
nfs-utils-1.0.6-33EL.i386.rpm

Red Hat Desktop (v. 3) & x86_64:
nfs-utils-1.0.6-33EL.x86_64.rpm

Red Hat Enterprise Linux AS (v. 3) & SRPMS:
nfs-utils-1.0.6-33EL.src.rpm

Red Hat Enterprise Linux AS (v. 3) & IA-32:
nfs-utils-1.0.6-33EL.i386.rpm

Red Hat Enterprise Linux AS (v. 3) & IA-64:
nfs-utils-1.0.6-33EL.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) & PPC:
nfs-utils-1.0.6-33EL.ppc.rpm

Red Hat Enterprise Linux AS (v. 3) & s390:
nfs-utils-1.0.6-33EL.s390.rpm

Red Hat Enterprise Linux AS (v. 3) & s390x:
nfs-utils-1.0.6-33EL.s390x.rpm

Red Hat Enterprise Linux AS (v. 3) & x86_64:
nfs-utils-1.0.6-33EL.x86_64.rpm

Red Hat Enterprise Linux ES (v. 3) & SRPMS:
nfs-utils-1.0.6-33EL.src.rpm

Red Hat Enterprise Linux ES (v. 3) & IA-32:
nfs-utils-1.0.6-33EL.i386.rpm

Red Hat Enterprise Linux ES (v. 3) & IA-64:
nfs-utils-1.0.6-33EL.ia64.rpm

Red Hat Enterprise Linux ES (v. 3) & x86_64:
nfs-utils-1.0.6-33EL.x86_64.rpm

Red Hat Enterprise Linux WS (v. 3) & SRPMS:
nfs-utils-1.0.6-33EL.src.rpm

Red Hat Enterprise Linux WS (v. 3) & IA-32:
nfs-utils-1.0.6-33EL.i386.rpm

Red Hat Enterprise Linux WS (v. 3) & IA-64:
nfs-utils-1.0.6-33EL.ia64.rpm

Red Hat Enterprise Linux WS (v. 3) & x86_64:
nfs-utils-1.0.6-33EL.x86_64.rpm
http://rhn.redhat.com/

Mandrake Linux
Mandrake Linux 10.0:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/nfs-utils-1.0.6-2.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/nfs-utils-clients-1.0.6-2.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/nfs-utils-1.0.6-2.2.100mdk.src.rpm
Mandrake Linux 10.0/AMD64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/nfs-utils-1.0.6-2.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/nfs-utils-clients-1.0.6-2.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/nfs-utils-1.0.6-2.2.100mdk.src.rpm
Mandrake Linux 10.1:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/nfs-utils-1.0.6-2.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/nfs-utils-clients-1.0.6-2.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/nfs-utils-1.0.6-2.2.101mdk.src.rpm
Mandrake Linux 10.1/X86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/nfs-utils-1.0.6-2.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/nfs-utils-clients-1.0.6-2.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/nfs-utils-1.0.6-2.2.101mdk.src.rpm
Corporate Server 2.1:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/nfs-utils-1.0.1-1.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/nfs-utils-clients-1.0.1-1.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/nfs-utils-1.0.1-1.3.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/nfs-utils-1.0.1-1.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/nfs-utils-clients-1.0.1-1.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/nfs-utils-1.0.1-1.3.C21mdk.src.rpm
Mandrake Linux 9.2:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/nfs-utils-1.0.5-1.2.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/nfs-utils-clients-1.0.5-1.2.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/nfs-utils-1.0.5-1.2.92mdk.src.rpm
Mandrake Linux 9.2/AMD64:
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/nfs-utils-1.0.5-1.2.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/nfs-utils-clients-1.0.5-1.2.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/nfs-utils-1.0.5-1.2.92mdk.src.rpm

Red Hat Linux (nuevos parches)

Red Hat Enterprise Linux AS (v. 2.1) / SRPMS:
nfs-utils-0.3.3-11.src.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-32:
nfs-utils-0.3.3-11.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-64:
nfs-utils-0.3.3-11.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1) / SRPMS:
nfs-utils-0.3.3-11.src.rpm

Red Hat Enterprise Linux ES (v. 2.1) / IA-32:
nfs-utils-0.3.3-11.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1) / SRPMS:
nfs-utils-0.3.3-11.src.rpm

Red Hat Enterprise Linux WS (v. 2.1) / IA-32:
nfs-utils-0.3.3-11.i386.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / SRPMS:
nfs-utils-0.3.3-11.src.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor / IA-64:
nfs-utils-0.3.3-11.ia64.rpm
https://rhn.redhat.com/

Standar resources

Property Value
CVE CAN-2004-0946
BID

Other resources

Red Hat Linux Security Advisory RHSA-2004:583
https://rhn.redhat.com/errata/RHSA-2004-583.html

Mandrakesoft Security Advisories MDKSA-2005:005
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:005

Red Hat Linux Security Advisory RHSA-2005:014-04
https://rhn.redhat.com/errata/RHSA-2005-014.html

Version history

Version Comments Date
1.0 Aviso emitido 2004-12-21
1.1 Aviso emitido por Mandrake Linux (MDKSA-2005:005) 2005-01-12
1.2 Nuevo aviso emitido por Red Hat (RHSA-2005:014-04) 2005-01-13
Ministerio de Defensa
CNI
CCN
CCN-CERT