Debian Security Advisory
nfs-server -- buffer overflow in the NFS server
- Date Reported:
- 11 Nov 1999
- Affected Packages:
- nfs-server
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-1999-0832.
- More information:
-
The version of nfs-server that was distributed in Debian
GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). It assumed that the
total length of a path would never exceed (PATH_MAX_NAME_MAX). With a
read/write exported directory, people could create longer paths and cause a
buffer overflow.
This has been addressed in version 2.2beta37-1slink.1, and we recommend you upgrade your nfs-server package immediately.
- Fixed in:
-
- Source:
- http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.diff.gz
- http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.dsc
- http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37.orig.tar.gz
- Alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/nfs-server_2.2beta37-1slink.1_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/nfs-server_2.2beta37-1slink.1_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/nfs-server_2.2beta37-1slink.1_m68k.deb
- Sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/nfs-server_2.2beta37-1slink.1_sparc.deb