Originally Published: Thursday, 18 November 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

RedHat Security Alert - nfs in 4.2 and 5.2

A buffer overflow exists in the user space NFS daemon that shipped with Red Hat Linux 4.2 and 5.2. The length of a path name was not checked on the removal of a directory. If a long enough directory name was created, the buffer holding the pathname would overflow, and the possibility exists that arbitrary code could be executed as the user the NFS server runs as (root). Exploiting this buffer overflow does require read/write access to a share on an affected server.