this is a forward...

>Date: Mon, 21 Dec 1998 11:05:05 -0600 (CST)
>From: "Joseph E. Trent" <[EMAIL PROTECTED]>
>To: Chris McCraw <[EMAIL PROTECTED]>, Omar El-Domeiri <[EMAIL PROTECTED]>
>Subject: Mountd attacks
>
>You might want to pass this along if it hasn't been brought up (I had to
>remove myself from siglinux traffic.) It appears there are currently a few
>people scanning those logged into telesys. The current target appears to
>be mountd buffer overflow stuff.
>
>FYI,
>Joseph
>
>"one who eats corn while dancing."

to clarify his statement a little...there has been discovered a NEW
vulnerability in the linux nfs code.  you need to upgrade your *kernel* to
2.0.36.

there is an older mountd buffer overflow which can be fixed (in redhat5.1 and
under) with an upgraded nfs package, see:

http://www.redhat.com/support/docs/rhl/rh51-errata-general.html#NFS

for more info (this DOES apply to 5.0 and 4.2 as well altho they probably
have their own packages, at least 4.2 does)
(NOTE that you need BOTH fixes on 5.1 and less machines, that are nfs
servers or run the daemons)

folks, if you have a computer on the network AT ALL it is getting entirely
too easy for outside lamers to scan all of UT with just a few keystrokes.

you really need to keep up with security patches;  if you run redhat i
highly recommend subscribing to the very low traffic redhat-watch list,
which announces problems (and fixes) as soon as redhat is aware of them
(well perhaps there is a delay of a few hours while they fix the source..)

mail [EMAIL PROTECTED] with a SUBJECT of subscribe.

may the source be with you.
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
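
The triage the message describes (kernel at 2.0.36, plus the errata nfs package on hosts running the NFS daemons), as an added example that is not part of the original post. The function names are hypothetical, the sample process list is constructed, and only the 2.0.x kernel series is judged because the message says nothing about other series.

```shell
#!/bin/sh
# Added example: triage a host against the two fixes named in the message.

# kernel_status VERSION -> prints fixed | vulnerable | unknown
# Assumption: only 2.0.x is judged; 2.0.36 is the fixed release per the message.
kernel_status() {
    ver=${1%%-*}                      # drop a vendor suffix such as "-2"
    case $ver in
        2.0.*) patch=${ver#2.0.} ;;
        *) echo unknown; return 0 ;;
    esac
    case $patch in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # e.g. "36pre1": do not guess
    esac
    if [ "$patch" -ge 36 ]; then echo fixed; else echo vulnerable; fi
}

# runs_nfs_daemons: reads process command names (one per line) on stdin and
# succeeds if mountd or nfsd is listed, with or without a path or "rpc." prefix.
runs_nfs_daemons() {
    grep -Eq '(^|/)(rpc\.)?(mountd|nfsd)$'
}

# triage KERNEL_VERSION < process-list -> prints status and follow-up actions
triage() {
    ks=$(kernel_status "$1")
    if runs_nfs_daemons; then nfs=yes; else nfs=no; fi
    echo "kernel=$ks nfs_daemons=$nfs"
    [ "$ks" = vulnerable ] && echo "action: upgrade kernel to 2.0.36"
    [ "$ks" = unknown ] && echo "action: check kernel by hand (not a plain 2.0.x version)"
    [ "$nfs" = yes ] && echo "action: on Red Hat 5.1 or earlier, confirm the errata nfs package is installed"
    return 0
}

# Constructed sample: a 2.0.35 host with rpc.mountd running.
printf 'init\ninetd\nrpc.mountd\n' | triage 2.0.35
```

On a live host the equivalent call is `ps -e -o comm= | triage "$(uname -r)"`.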
