From: firstname.lastname@example.org (Neil F. Brown)
To: email@example.com, firstname.lastname@example.org
Cc: Janusz Niewiadomski <email@example.com>
Subject: ANNOUNCE: nfs-utils 1.0.4
Date: Tue, 15 Jul 2003 03:00:01 +1000 [thread overview]
Message-ID: <firstname.lastname@example.org> (raw)
This release of nfs-utils contains:
1/ Fix for a remotely exploitable buffer-overflow bug.
2/ assorted minor bug fixes
3/ Extensive changes to make use of new functionality in linux-2.6.0 nfsd
nfs-utils 1.0.4 can be downloaded from
I consider this release to be a pre-release for 1.1.0 which I hope to
release before linux-2.6.0-final. Bug reports are very welcome.
1/ A buffer-overflow bug was found by
iSEC Security Research
It is trivially exploitable to effect a remote denial of service.
More subtle exploits may be possible.
I recommend that all users of nfs-utils either:
1/ upgrade to 1.0.4
2/ Get an update from their vendor (most vendors should have an
I also recommend that all NFS services be protected from the
internet-at-large by a firewall where that is possible.
2/ See the change log in the source for details on bug fixes.
3/ In 2.4 and earlier kernels, the nfs server needed to know about any
client that expected to be able to access files via NFS. This
information would be given to the kernel by "mountd" when the client
mounted the filesystem, or by "exportfs" at system startup. exportfs
would take information about active clients from /var/lib/nfs/rmtab.
This approach is quite fragile as it depends on rmtab being correct
which is not always easy, particularly when trying to implement
fail-over. Even when the system is working well, rmtab suffers from
getting lots of old entries that never get removed.
With 2.6 we have the option of having the kernel tell mountd when it
gets a request from an unknown host, and mountd can give appropriate
export information to the kernel. This removes the dependancy on
rmtab and means that the kernel only needs to know about currently
To enable this new functionality, you need to:
mount -t nfsd nfsd /proc/fs/nfs
before running exportfs or mountd.
If you are using 2.6.0-testX and exporting files with NFS *please*
test this out and let me know of any problems.
NeilBrown - July 2003
next reply other threads:[~2003-07-14 16:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-14 17:00 Neil F. Brown [this message]
2003-07-14 19:34 ` ANNOUNCE: nfs-utils 1.0.4 Steven Cole
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).