[Please do not set vacation autoreplies to public mail lists. It is
very rude. Please do not tell us our gpg signature is a virus. It is
not. Thank you.]
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: nfs-utils
Affected products: Immunix OS 7+
Bugs fixed: CAN-2003-0252
Date: Mon Jul 14 2003
Advisory ID: IMNX-2003-7+-018-01
Author: Seth Arnold <sarnold (at) immunix (dot) com>
-----------------------------------------------------------------------
Description:
Janusz Niewiadomski has discovered an off-by-one overflow in xlog() in
the nfs-utils package. It is rumoured this bug is exploitable; however,
as it writes a single zero byte to memory, an exploit may be difficult
to write.
Because the overflow is so small, StackGuard may not be able to
prevent exploitation of this flaw.
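
The bug class named above, as an added illustration for readers auditing similar logging code. This is not the nfs-utils source and not code from Immunix; the function names, the 16-byte buffer and the sample messages are constructed for the example. It shows a logger that appends a newline and terminator after formatting, and a corrected form that reserves room for the newline.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 16   /* hypothetical log buffer size */
#define FILL    'A'  /* marker for the byte that sits just past the buffer */

typedef void (*logger_fn)(char *store, const char *fmt, ...);

/* Flawed pattern: format into the buffer, then append "\n" and the
 * terminator without checking that both still fit. */
static void log_flawed(char *store, const char *fmt, ...)
{
    va_list ap;
    size_t n;
    va_start(ap, fmt);
    vsnprintf(store, LOG_BUF, fmt, ap);   /* may use all LOG_BUF bytes */
    va_end(ap);
    n = strlen(store);                    /* at most LOG_BUF - 1 */
    if (n > 0 && store[n - 1] != '\n') {
        store[n++] = '\n';
        store[n++] = '\0';                /* index LOG_BUF when buffer was full */
    }
}

/* Corrected pattern: reserve one byte for the newline when formatting. */
static void log_fixed(char *store, const char *fmt, ...)
{
    va_list ap;
    size_t n;
    va_start(ap, fmt);
    vsnprintf(store, LOG_BUF - 1, fmt, ap);
    va_end(ap);
    n = strlen(store);                    /* at most LOG_BUF - 2 */
    if (n > 0 && store[n - 1] != '\n') {
        store[n++] = '\n';
        store[n++] = '\0';                /* index LOG_BUF - 1 at most */
    }
}

/* Returns 1 if the byte just past the LOG_BUF-byte buffer was overwritten. */
static int adjacent_clobbered(logger_fn logger, const char *msg)
{
    char store[LOG_BUF + 1];              /* buffer plus one observable neighbour */
    memset(store, FILL, sizeof store);
    logger(store, "%s", msg);
    return store[LOG_BUF] != FILL;
}
```

The extra byte in `store` keeps the demonstration within defined behaviour while making the stray terminator observable.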
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/nfs-utils-0.3.1-7_imnx_3.i386.rpm
Source packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/nfs-utils-0.3.1-7_imnx_3.src.rpm
Immunix OS 7+ md5sums:
61b6c75291f772e6b6fa7f53284a6021 RPMS/nfs-utils-0.3.1-7_imnx_3.i386.rpm
8f1067f0acfe49ba0bb8d88da5bd7f30 SRPMS/nfs-utils-0.3.1-7_imnx_3.src.rpm
GPG verification:
Our public key is available at http://download.immunix.org/GPG_KEY
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact security (at) immunix (dot) com.
Immunix attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.
References: http://www.securityfocus.com/archive/1/328946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0252