Revised advisory: Updated package for nfs-utils available

This is an updated of RHSA-2000:043 that contains further
upgrade instructions.

The rpc.statd daemon in the nfs-utils package shipped in Red Hat
Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a
remote root break-in.

The rpc.statd daemon shipped in Red Hat Linux 6.0, 6.1, and 6.2
contains a flaw that could lead to a remote root break-in.
Version 0.1.9.1 of the nfs-utils package corrects the problem.
Although there is no known exploit for the flaw in rpc.statd,
Red Hat urges all users running rpc.statd to upgrade to
the new nfs-utils package.

Users should note that in Red Hat Linux 6.0 and 6.1 the rpc.statd
daemon was in the knfsd-clients package. The nfs-utils package
replaces both the knfsd and knfsd-clients packages shipped in
Red Hat Linux 6.0 and 6.1.

On systems running a kernel older than 2.2.16-3, users should
also take this opportunity to upgrade to the latest kernel
release.

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

After installing the new nfs-utils package, the rpc.statd service
must be restarted. To do this, run:

/etc/rc.d/init.d/nfslock restart

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0666
N/A

compromise