From security-announce@turbolinux.co.jp Wed Jul 23 15:03:21 2003
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Wed, 23 Jul 2003 14:45:50 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 23/Jul/2003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 23/Jul/2003
============================================================

The following page contains the security information of Turbolinux Inc.

 - Turbolinux Security Center
   http://www.turbolinux.com/security/

 (1) ypserv -> Ypserv denial of service attack

===========================================================
* nfs-utils -> nfs-utils xlog() off-by-one bug
===========================================================

 More information :
    The nfs-utils package provides a daemon for the kernel NFS server
    and related tools.
    The logging code in nfs-utils contains an off-by-one buffer overrun
    when adding a newline to the string being logged.

 Impact :
    This vulnerability may allow an attacker to execute arbitrary code
    or cause a denial of service condition by sending certain RPC requests.

 Affected Products :
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation
    - Turbolinux Server 6.5
    - Turbolinux Advanced Server 6
    - Turbolinux Server 6.1
    - Turbolinux Workstation 6.0

 Solution :
    Please use the turbopkg tool to apply the update.

   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 be1815824c75a18fac57c7fd51de68f9

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       167987 e7f2f56bc6ede4c00604eb57aba483e7


   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 8b974af4125a75bbbee1f4e700581861

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       168119 992595dc1892e26ed980c0b09c6acad6


   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 0ebe00517b5dd438cc21089a02de882c

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       166847 7e0caf9f28efd87012f99e3e1698e6b7


   Source Packages
   Size : MD5

   nfs-utils-0.3.1-5.src.rpm
       301972 16a086dd6c70bfd0d231102a63cee6aa

   Binary Packages
   Size : MD5

   nfs-utils-0.3.1-5.i586.rpm
       166931 1149eb56423ec66c5d30fa2e8fa7799a


   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 2b85ea4e58b198bd1f33549b0371c997

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182779 bce0fefb732e69fbf976d09cb789ea0f


   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 7823e2a533c91a30d9deaeecce2cf402

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182723 88a0bd90e5c177f45d465ffb9e2b9ff7


   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 a2606b07141f0c61eda40b268e2e9d24

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182624 d860de56917633f8cebb582fe8618b01


   Source Packages
   Size : MD5

   nfs-utils-0.2.1-10.src.rpm
       293899 07428e4989ad861e53b1a697e0c5acd2

   Binary Packages
   Size : MD5

   nfs-utils-0.2.1-10.i386.rpm
       182697 d7c5d6d52dcd6a7ea86a2266d0ea71ea

 References :

 CVE
   [CAN-2003-0252]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0252

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.

  http://www.turbolinux.com/download/zabom.html
  http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

Here is the public key

  http://www.turbolinux.com/security/

 * To unsubscribe from the list

If you ever want to remove yourself from this mailing list,
you can send a message to with
the word `unsubscribe' in the body (don't include the quotes).

unsubscribe

 * To change your email address

If you ever want to change your email address on this mailing list,
you can send a message to with
the following command in the message body:

  chaddr 'old address' 'new address'

If you have any questions or problems, please contact

Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/HiEiK0LzjOqIJMwRAnrCAJ4lQKLxle+jiboY41TWLs4CzDXTBACgg2dz
9f1CdgxbUwHRNJlxk4zHFNI=
=sgTK
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
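
An added illustration of the bug class described under "More information" above (not part of the advisory and not the nfs-utils source): a logger that formats into a fixed buffer and then appends a newline, with the flawed and the corrected size handling side by side. The function names, the 16-byte LOGBUF size and the sample message are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF 16   /* size the logging code believes it owns (assumed) */

/* Shared tail: append '\n' if the message does not already end in one. */
static void add_newline(char *buf)
{
    size_t n = strlen(buf);
    if (n == 0 || buf[n - 1] != '\n') {
        buf[n++] = '\n';
        buf[n] = '\0';
    }
}

/* Flawed: formatting may fill LOGBUF-1 chars, so '\0' lands at [LOGBUF]. */
static void log_line_flawed(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, LOGBUF, fmt, ap);
    va_end(ap);
    add_newline(buf);
}

/* Corrected: one byte is reserved for the newline before formatting. */
static void log_line_fixed(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, LOGBUF - 1, fmt, ap);
    va_end(ap);
    add_newline(buf);
}

/* Returns 1 if the byte just past the logical buffer was overwritten.
 * storage has one spare byte so the stray write stays inside the array. */
static int guard_clobbered(int use_fixed, const char *msg)
{
    char storage[LOGBUF + 1] = { [LOGBUF] = 'G' };
    (use_fixed ? log_line_fixed : log_line_flawed)(storage, "%s", msg);
    return storage[LOGBUF] != 'G';
}

int main(void)
{
    const char *m = "0123456789abcdefXYZ";  /* constructed, longer than LOGBUF */
    printf("flawed=%d fixed=%d\n", guard_clobbered(0, m), guard_clobbered(1, m));
    return 0;
}
```

Only messages that fill the buffer trigger the stray write, which is why this class of bug survives normal testing with short log lines.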