RHEL 3 : nfs-utils (RHSA-2004:072)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated nfs-utils packages that fix a flaw leading to possible
rpc.mountd crashes are now available.

The nfs-utils package contains the rpc.mountd program, which
implements the NFS mount protocol.

A flaw was discovered in versions of rpc.mountd in nfs-utils versions
after 1.0.3 and prior to 1.0.6. When mounting a directory, rpc.mountd
could crash if the reverse lookup of the client in DNS failed to match
the forward lookup. An attacker who has the ability to mount remote
directories from a server could make use of this flaw to cause a
denial of service by making rpc.mountd crash.

Users are advised to upgrade to these updated packages, which contain
nfs-utils 1.0.6 and are not vulnerable to this issue.

NOTE: Red Hat Enterprise Linux 2.1 includes a version of rpc.mountd
that is not vulnerable to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0154.html
http://www.kernel.org/pub/linux/utils/nfs/ChangeLog-nfs-utils-1.0.6
http://rhn.redhat.com/errata/RHSA-2004-072.html

Solution :

Update the affected nfs-utils package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12470

Bugtraq ID:

CVE ID: CVE-2004-0154