SA-1997.17.txt

Posted Sep 23, 1999

SHA-256 | 929bcb75f6adc234993a5f2dc44ac1dea5fffc30958d2841db3a82b62e9fd1d3

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.17: Vulnerability in nfs-server

Caldera Security Advisory SA-1997.17

Topic: Vulnerability in nfs-server package

I. Problem Description

The rpc.mountd daemon lets a client know whether a specific file
exists on the server, even if the client is not allowed to mount it.

To test whether rpc.mountd gives away this information, compare the
errors returned for an existing and a nonexistent path:

mount test:/usr/lib /mnt
mount test:/usr/lib failed, reason given by server: Permission denied
mount test:/usr/libs /mnt
mount: test:/usr/libs failed, reason given by server: No such file or directory

II. Impact

As seen above, a client can determine, by testing different paths,
what is installed on another system, even though it is not allowed
to mount anything. This is a minor security problem.
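
Added example (not part of Caldera's advisory and not nfs-server source): a simplified C model of a mount request handler, showing why the two error messages above differ and one way to close the oracle by consulting the export list before the filesystem. The export table, path list and function names are constructed for illustration; the advisory does not say how the actual fix was implemented.

```c
/* Simplified, constructed model of a MOUNT request handler (not nfs-server
   source). Status values are errno codes, as in the error text above. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: paths on the server and its export table. */
static const char *fs_paths[] = { "/usr/lib", "/home", "/export/pub" };
struct export_entry { const char *path; const char *client; };
static const struct export_entry exports[] = { { "/export/pub", "trusted" } };

static int path_exists(const char *p) {
    for (size_t i = 0; i < sizeof fs_paths / sizeof *fs_paths; i++)
        if (strcmp(fs_paths[i], p) == 0) return 1;
    return 0;
}

/* Is path at or below a directory exported to this client? */
static int client_may_mount(const char *client, const char *path) {
    for (size_t i = 0; i < sizeof exports / sizeof *exports; i++) {
        size_t n = strlen(exports[i].path);
        if (strcmp(exports[i].client, client) == 0 &&
            strncmp(exports[i].path, path, n) == 0 &&
            (path[n] == '\0' || path[n] == '/'))
            return 1;
    }
    return 0;
}

/* Leaky order: the filesystem is consulted before the export list, so
   ENOENT versus EACCES tells any client whether the path exists. */
int mount_status_leaky(const char *client, const char *path) {
    if (!path_exists(path)) return ENOENT;
    if (!client_may_mount(client, path)) return EACCES;
    return 0;
}

/* Hardened order: authorize first; unauthorized requests always get EACCES. */
int mount_status_hardened(const char *client, const char *path) {
    if (!client_may_mount(client, path)) return EACCES;
    if (!path_exists(path)) return ENOENT;
    return 0;
}

int main(void) {
    const char *probes[] = { "/usr/lib", "/usr/libs" };
    for (int i = 0; i < 2; i++)
        printf("%s: leaky=%d hardened=%d\n", probes[i],
               mount_status_leaky("untrusted", probes[i]),
               mount_status_hardened("untrusted", probes[i]));
    return 0;
}
```

An authorized client still receives ENOENT for a missing path below its own export, so legitimate error reporting is preserved.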

The nfs-server packages distributed on the following OpenLinux
releases are vulnerable:
CND 1.0
Base 1.0
Lite 1.1
Base 1.1
Standard 1.1

The new nfs-server package described under Solution below has been
found to function properly on all of the distributions shown above.

III. Solution

Install the new nfs-server-2.2beta29-1 packages, as described below.
These packages are located on Caldera's FTP server (ftp.caldera.com):

ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/

To install the update use the following commands:
/etc/rc.d/init.d/nfs stop
rpm -U RPMS/nfs-server-2.2beta29-1.i386.rpm
rpm -U RPMS/nfs-server-clients-2.2beta29-1.i386.rpm
/etc/rc.d/init.d/nfs start

Note:
If you are running CND 1.0, you must first obtain and properly
install rpm-upgrade-0.9-1.i386.rpm. This will allow you to
use RPMs built for the OpenLinux releases. This rpm upgrade can
be found at ftp.caldera.com under /pub/cnd-1.0/updates.

IV. References / Credits

Fixes a security problem reported on "bugtraq" as referenced below:
Re: NFS/mountd minor bug
Brian Mitchell (brian@saturn.net)
Thu, 5 Dec 1996 11:07:31 -0600

This and other Caldera security resources are located at:

http://www.caldera.com/tech-ref/security/

V. PGP Signature

This message was signed with the PGP key for <security@caldera.com>.

This key can be obtained from:
ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:
/OpenLinux/pgp-keys/

$Id: SA-1997.17,v 1.1 1997/09/09 17:39:06 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

-----END PGP SIGNATURE-----