Skip Quicknav

• About Debian
• News
• Getting Debian
• Support
• Developers' Corner
• Site map
• Search

Debian Security Advisory

nfs-server -- buffer overflow in the NFS server

Date Reported:

11 Nov 1999

Affected Packages:

nfs-server

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-1999-0832.

More information:

The version of nfs-server that was distributed in Debian GNU/Linux 2.1 had a buffer overflow in fh_buildpath(). It assumed that the total length of a path would never exceed (PATH_MAX_NAME_MAX). With a read/write exported directory, people could create longer paths and cause a buffer overflow.

This has been addressed in version 2.2beta37-1slink.1, and we recommend you upgrade your nfs-server package immediately.

Fixed in:

Source:

http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.diff.gz

http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37-1slink.1.dsc

http://security.debian.org/dists/slink/updates/source/nfs-server_2.2beta37.orig.tar.gz

Alpha:

http://security.debian.org/dists/slink/updates/binary-alpha/nfs-server_2.2beta37-1slink.1_alpha.deb

i386:

http://security.debian.org/dists/slink/updates/binary-i386/nfs-server_2.2beta37-1slink.1_i386.deb

m68k:

http://security.debian.org/dists/slink/updates/binary-m68k/nfs-server_2.2beta37-1slink.1_m68k.deb

Sparc:

http://security.debian.org/dists/slink/updates/binary-sparc/nfs-server_2.2beta37-1slink.1_sparc.deb

This page is also available in the following languages:

Deutsch español français hrvatski 日本語 (Nihongo) svenska

How to set the default document language