Skip to navigation

Security Advisory redhat-config-nfs security update

Advisory: RHSA-2004:434-06
Type: Security Advisory
Severity: Low
Issued on: 2004-09-22
Last updated on: 2004-09-22
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0750

Details

An updated redhat-config-nfs package that fixes bugs and potential security
issues is now available for Red Hat Enterprise Linux 3.

The redhat-config-nfs package includes a graphical user interface for
creating, modifying, and deleting nfs shares.

John Buswell discovered a flaw in redhat-config-nfs that could lead to
incorrect permissions on exported shares when exporting to multiple
hosts. This could cause an option such as "all_squash" to not be
applied to all of the listed hosts. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0750 to
this issue.

Additionally, a bug was found that prevented redhat-config-nfs from being
run if hosts didn't have options set in /etc/exports.

All users of redhat-config-nfs are advised to upgrade to these updated
packages as well as checking their NFS shares directly or via the
/etc/exports file for any incorrectly set options.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/redhat-config-nfs/1.0.13-6/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
Missing file
    MD5: 8ad0200a16439ba6341703e277b6edc0
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/redhat-config-nfs/1.0.13-6/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
Missing file
    MD5: 8ad0200a16439ba6341703e277b6edc0
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
PPC:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
s390:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
s390x:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/redhat-config-nfs/1.0.13-6/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
Missing file
    MD5: 8ad0200a16439ba6341703e277b6edc0
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ftp://updates.redhat.com/rhn/public/2703533/redhat-config-nfs/1.0.13-6/SRPMS/redhat-config-nfs-1.0.13-6.src.rpm
Missing file
    MD5: 8ad0200a16439ba6341703e277b6edc0
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/redhat-config-nfs/1.0.13-6/noarch/redhat-config-nfs-1.0.13-6.noarch.rpm
Missing file
    MD5: ddea963341fba763c3bd428f16c8fede
 

Bugs fixed (see bugzilla for more information)

107997 - CAN-2004-0750 [PATCH] /etc/exports has incorrect syntax for multiple hosts with a single mount point


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/