Your message dated Sat, 28 Jan 2006 08:47:06 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#350020: fixed in nfs-user-server 2.2beta47-22
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jan 2006 16:48:17 +0000
>From [EMAIL PROTECTED] Thu Jan 26 08:48:17 2006
Return-path: <[EMAIL PROTECTED]>
Received: from mail.enyo.de ([212.9.189.167])
by spohr.debian.org with esmtp (Exim 4.50)
id 1F2AID-0001wn-2Y
for [EMAIL PROTECTED]; Thu, 26 Jan 2006 08:48:17 -0800
Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de)
by mail.enyo.de with esmtp id 1F2AIB-0000r2-TU
for [EMAIL PROTECTED]; Thu, 26 Jan 2006 17:48:15 +0100
Received: from fw by deneb.enyo.de with local (Exim 4.60)
(envelope-from <[EMAIL PROTECTED]>)
id 1F2AIB-0007hx-51
for [EMAIL PROTECTED]; Thu, 26 Jan 2006 17:48:15 +0100
From: Florian Weimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: realpath()-related buffer overflow in rpc.mountd [CVE-2006-0043]
Date: Thu, 26 Jan 2006 17:48:15 +0100
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: nfs-user-server
Severity: critical
Tags: security
>From SuSE Security Announcement SUSE-SA:2006:005:
An remotely exploitable problem exists in the rpc.mountd service in
the user space NFS server package "nfs-server".
Insufficient buffer space supplied to the realpath() function
when processing mount requests can lead to a buffer overflow in
the rpc.mountd and allows remote attackers to execute code as the
root user.
Code execution is definitely possible if the attacker can create
symlinks on any of the file systems on the machine running rpc.mountd
(/tmp , /home/attacker or similar).
For attackers without filesystem access code execution is potentially
possible.
NOTE:
The "nfs-server" package is obsolete and has been replaced by the
"nfs-utils" package (kernel NFS server) in all currently supported
SUSE Linux products already and is only included for completeness.
The "nfs-utils" package itself is NOT affected by this problem.
This issue is tracked by the Mitre CVE ID CVE-2006-0043.
---------------------------------------
Received: (at 350020-close) by bugs.debian.org; 28 Jan 2006 16:50:22 +0000
>From [EMAIL PROTECTED] Sat Jan 28 08:50:22 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1F2tEA-0001W1-O5; Sat, 28 Jan 2006 08:47:06 -0800
From: Daniel Baumann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#350020: fixed in nfs-user-server 2.2beta47-22
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 28 Jan 2006 08:47:06 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: nfs-user-server
Source-Version: 2.2beta47-22
We believe that the bug you reported is fixed in the latest version of
nfs-user-server, which is due to be installed in the Debian FTP archive:
nfs-user-server_2.2beta47-22.diff.gz
to pool/main/n/nfs-user-server/nfs-user-server_2.2beta47-22.diff.gz
nfs-user-server_2.2beta47-22.dsc
to pool/main/n/nfs-user-server/nfs-user-server_2.2beta47-22.dsc
nfs-user-server_2.2beta47-22_i386.deb
to pool/main/n/nfs-user-server/nfs-user-server_2.2beta47-22_i386.deb
ugidd_2.2beta47-22_i386.deb
to pool/main/n/nfs-user-server/ugidd_2.2beta47-22_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Baumann <[EMAIL PROTECTED]> (supplier of updated nfs-user-server package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 28 Jan 2006 13:22:00 +0100
Source: nfs-user-server
Binary: nfs-user-server ugidd
Architecture: source i386
Version: 2.2beta47-22
Distribution: unstable
Urgency: high
Maintainer: Daniel Baumann <[EMAIL PROTECTED]>
Changed-By: Daniel Baumann <[EMAIL PROTECTED]>
Description:
nfs-user-server - User space NFS server
ugidd - NFS UID mapping daemon
Closes: 350020
Changes:
nfs-user-server (2.2beta47-22) unstable; urgency=high
.
* mountd.c: added patch from suse to fix realpath()-related buffer overflow
in rpc.mountd [CVE-2006-0043] (Closes: #350020).
Files:
0d4cf5b66b88d04ffe8e11b18b4752ae 661 net optional
nfs-user-server_2.2beta47-22.dsc
57d929761180969e62acf4b54f16eec4 12340 net optional
nfs-user-server_2.2beta47-22.diff.gz
656d92c36f90f025682b158c65df5ac9 104752 net extra
nfs-user-server_2.2beta47-22_i386.deb
dd69024b945d3c49f335f65673ff7f80 27486 net optional ugidd_2.2beta47-22_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD253yxa93SlhRC1oRAmOZAKDRkL4jfueouQ213uOtNkU0JgsmpQCg9ugD
mfEwwRYuXgr/yyTzSaCPFmI=
=KKfq
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
