-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                Caldera Systems, Inc.  Security Advisory

Subject:                buffer overflow in NFS daemon
Advisory number:        CSSA-1999-033.0
Issue date:             1999 November, 10
Cross reference:
______________________________________________________________________________


1. Problem Description

   A buffer overflow was discovered in the Linux user space NFS daemon
   that allows an attacker to obtain root privilege on the NFS server
   host.

   In order to exploit the bug, the attacker must have access to a file
   system exported read/write by the server machine.

2. Vulnerable Versions

   Systems : up to COL 2.3
   Packages: up to nfs-server-2.2beta44-3

3. Solutions

   The proper solution is to upgrade to the latest packages:

   rpm -U nfs-server-2.2beta47-2.i386.rpm
   rpm -U nfs-2.2beta47-2.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.3/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.3/current/SRPMS/

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -U nfs-server-2.2beta47-2.i386.rpm
   rpm -U nfs-2.2beta47-2.i386.rpm

6. Verification

   9e84ed5eb44187b0eb56e013099f6ac1  RPMS/nfs-2.2beta47-2.i386.rpm
   0cab4329b10874c5338329565d056c9e  RPMS/nfs-server-2.2beta47-2.i386.rpm
   c3ad63c0507033c8a8d401dbd4eb57a2  SRPMS/nfs-server-2.2beta47-2.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 5243.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBOCl6Jun+9R4958LpAQGQLAP9HEF1fFTpzozOR1raBtQkfS0xTpNsyEsP
Rr53H0Lr83wPBzw7LkVVQjA4uGwGNMKBdzvn9d2oLdAuZz67jv5Q8Ju/hgbXOVvB
ScQ75Qlp20XQsEuUQMEZaAoNDrp1Fy5pIX8Ckiu+n5MtENhZPAqtqUhhOlSDv3Dh
gnm/79Zm/bI=
=VgR7
-----END PGP SIGNATURE-----
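
One way to check downloaded packages against the MD5 sums in section 6 before running the rpm -U commands from section 5. This is an added example, not part of Caldera's advisory. It assumes md5sum from GNU coreutils; the function name verify_manifest and the manifest file name in the comment are hypothetical.

```shell
#!/bin/sh
# verify_manifest MANIFEST DIR
# MANIFEST holds lines in the advisory's layout: "<md5-hex>  <relative/path>".
# Returns 0 only if every listed file exists under DIR and matches its sum;
# a missing file, a mismatch or a malformed line all make it return 1.
verify_manifest() {
    manifest=$1
    dir=$2
    rc=0
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r want path || [ -n "$want" ]; do
        [ -n "$want" ] || continue              # skip blank lines
        # Accept only a 32-digit hex sum followed by a path.
        case $want in
            *[!0-9a-fA-F]*) echo "BAD LINE  $want $path"; rc=1; continue ;;
        esac
        if [ ${#want} -ne 32 ] || [ -z "$path" ]; then
            echo "BAD LINE  $want $path"; rc=1; continue
        fi
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING   $path"; rc=1; continue
        fi
        got=$(md5sum < "$dir/$path" | cut -d' ' -f1)
        want_lc=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want_lc" ]; then
            echo "OK        $path"
        else
            echo "MISMATCH  $path"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Usage (hypothetical file name): save the three lines of section 6 as
# CSSA-1999-033.md5 in the directory that contains RPMS/ and SRPMS/, then
# install only when every sum matches:
#   verify_manifest CSSA-1999-033.md5 . && rpm -U RPMS/nfs-server-2.2beta47-2.i386.rpm
```

The sums are only as trustworthy as the copy of the advisory they were taken from, which is what the PGP signature on the message authenticates.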