Rapid7 Vulnerability & Exploit Database

RHSA-2000:043: Revised advisory: Updated package for nfs-utils available

Back to Search

RHSA-2000:043: Revised advisory: Updated package for nfs-utils available

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
07/16/2000
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

This is an updated of RHSA-2000:043 that contains further upgrade instructions. The rpc.statd daemon in the nfs-utils package shipped in Red Hat Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a remote root break-in.

The rpc.statd daemon shipped in Red Hat Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a remote root break-in. Version 0.1.9.1 of the nfs-utils package corrects the problem. Although there is no known exploit for the flaw in rpc.statd, Red Hat urges all users running rpc.statd to upgrade to the new nfs-utils package. Users should note that in Red Hat Linux 6.0 and 6.1 the rpc.statd daemon was in the knfsd-clients package. The nfs-utils package replaces both the knfsd and knfsd-clients packages shipped in Red Hat Linux 6.0 and 6.1. On systems running a kernel older than 2.2.16-3, users should also take this opportunity to upgrade to the latest kernel release.

Solution(s)

  • redhat-upgrade-nfs-utils

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;