• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Linux nfsd Remote Buffer Overflow Vulnerability

Solution:
A temporary solution is to remove the setuid bit from nfsd and/or stop the nfsd service.

A more long term solution is to upgrade to the newest version of nfsd for linux, since this has been fixed.

Slackware 4.0:

ftp.cdrom.com:/pub/linux/slackware-4.0/patches/nfs-server.tgz

Slackware 7.0:

ftp.cdrom.com:/pub/linux/slackware-7.0/patches/nfs-server.tgz

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.