-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2004.0763 -- Debian Security Advisory DSA 606-1
New nfs-utils packages fix denial of service
9 December 2004

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           nfs-utils
Publisher:         Debian
Operating System:  Debian GNU/Linux 3.0
                   Linux variants
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CAN-2004-1041

Original Bulletin: http://www.debian.org/security/2004/dsa-606

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 606-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 8th, 2004                      http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : nfs-utils
Vulnerability  : wrong signal handler
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1014

SGI has discovered that rpc.statd from the nfs-utils package, the
Network Status Monitor, did not ignore the "SIGPIPE".  Hence, a client
prematurely terminating the TCP connection could also terminate the
server process.

For the stable distribution (woody) this problem has been fixed in
version 1.0-2woody2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your nfs-utils package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBtrNAW5ql+IAeqTIRAtcgAJ9Ih8putjIZVxU+J8wdovQ6gy3FMQCeINTY
rLEeCjeeMbBqoHP98IbgQOg=
=bcmJ
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
      not be updated when updates to the original are made.  If downloading
      at a later date, it is recommended that the bulletin is retrieved
      directly from the author's website to ensure that the information is
      still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQbeSWSh9+71yA2DNAQIqUgQAkUfF8Fp4YEknkSLUpl1bPnQXz1ywPNgN
edlft6T0NtIDW8iowng2t4R1EcIeBj7+J1N6dwFGtidQfs8gAiNqwTY0Ws8NN3+E
ODRNrLTXVBAngwl7w3SlBjK/G7VCrgbfo4Qrgt3dAqD5KbejS6/+BEp07qZcOQp8
UBRimgt0Ykg=
=6cwz
-----END PGP SIGNATURE-----
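
The failure mode the Debian advisory describes, as an added example (not code from nfs-utils, Debian or AusCERT): a process that writes to a connection its peer has already closed is killed by SIGPIPE under the default disposition, and survives with an EPIPE error once the signal is ignored. A local AF_UNIX socket pair stands in for the TCP connection so the example runs offline; the names server_fate and write_after_peer_close are hypothetical.

```c
/* Added illustration, not nfs-utils code. socketpair() stands in for the
 * TCP connection the advisory mentions (assumption, so it runs offline). */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write to a stream socket whose peer has already closed its end.
 * Returns 0 if the write succeeded, otherwise the errno it failed with. */
static int write_after_peer_close(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return errno;
    close(sv[1]);                       /* the "client" disconnects early */
    int err = (write(sv[0], "reply", 5) < 0) ? errno : 0;
    close(sv[0]);
    return err;
}

/* Run the write in a child standing in for the daemon and report its fate:
 * the signal number that killed it, 0 if it survived and saw EPIPE,
 * -1 for anything else. */
int server_fate(int ignore_sigpipe)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* SIG_DFL models the unfixed daemon, SIG_IGN the corrected one. */
        signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);
        _exit(write_after_peer_close() == EPIPE ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    printf("default SIGPIPE: child killed by signal %d\n", server_fate(0));
    printf("SIGPIPE ignored: child fate %d (0 = survived)\n", server_fate(1));
    return 0;
}
```

With the signal ignored, the failed write is an ordinary error return the daemon can handle per connection, which is why a crash-looping or unexpectedly absent rpc.statd on an unpatched host is worth checking against this advisory.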