-----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory SA-1997.17: Vulnerability in nfs-server Caldera Security Advisory SA-1997.17 Topic: Vulnerability in nfs-server package I. Problem Description The rpc.mountd would let the client know whether a specific file exists, even if the client is not allowed to mount it. The test to determine if rpc.mountd will give away some information is as follows: mount test:/usr/lib /mnt mount test:/usr/lib failed, reason given by server: Permission denied mount test:/usr/libs /mnt mount: test:/usr/libs failed, reason given by server: No such file or directory II. Impact As seen above you can analyse, through testing, what is installed on another system. This is a minor security problem. The nfs-server packages distributed on the following OpenLinux releases are vulnerable: CND 1.0 Base 1.0 Lite 1.1 Base 1.1 Standard 1.1 This new nfs-server has been found to function properly on all of the distributions shown above. III. Solution Install the new nfs-server-2.2beta29-1 packages, as described below. These packages are located on Caldera's FTP server (ftp.caldera.com): ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/ To install the update use the following commands: /etc/rc.d/init.d/nfs stop rpm -U RPMS/nfs-server-2.2beta29-1.i386.rpm rpm -U RPMS/nfs-server-clients-2.2beta29-1.i386.rpm /etc/rc.d/init.d/nfs start Note: If you are running on CND 1.0 you must first obtain and properly install the rpm-upgrade-0.9-1.i386.rpm. This will allow you to use rpm's built for the OpenLinux releases. This rpm upgrade can be found at ftp.caldera.com under /pub/cnd-1.0/updates . IV. References / Credits Fixes a security problem reported on "bugtraq" as referenced below: Re: NFS/mountd minor bug Brian Mitchell (brian@saturn.net) Thu, 5 Dec 1996 11:07:31 -0600 This and other Caldera security resources are located at: http://www.caldera.com/tech-ref/security/ V. PGP Signature This message was signed with the PGP key for . This key can be obtained from: ftp://ftp.caldera.com/pub/pgp-keys/ Or on an OpenLinux CDROM under: /OpenLinux/pgp-keys/ $Id: SA-1997.17,v 1.1 1997/09/09 17:39:06 ron Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBNBWJ9en+9R4958LpAQEqjAP/Xg6qUw3UKiuHUqpGtIb5DaPzPT+0q5KH 6T0KukJ2w65XUL13Ak97NwJhPFKFYBjQYAEKr5DHKvGNNe65XJLU2MfmPOpHlUKj cbuKdC4OPzNpFyoyQ3RbGxjG9dbzuZ4O3Ah+jdtqlt4mYzPGTEYji+7URm43rEap D25rnPpKstA= =13pX -----END PGP SIGNATURE-----