Mandriva issued this advisory on December 12:
http://lists.mandriva.com/security-announce/2011-12/msg00008.php

Their update applied to nfs-utils 1.2.2 from MDV 2010.2. Mageia 1 has nfs-utils 1.2.3, so I'm not sure whether it is affected by this vulnerability. There is no information on the CVE page.
Suggested advisory:
========================

Updated nfs-utils packages fix a security vulnerability:

It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab (mounted file systems table) file. A local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1749)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1749
https://rhn.redhat.com/errata/RHSA-2011-1534.html
http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2011:186
https://bugzilla.redhat.com/show_bug.cgi?id=697975
========================

Updated packages in core/updates_testing:
=====================
nfs-utils-1.2.3-2.1.mga1
nfs-utils-clients-1.2.3-2.1.mga1

from nfs-utils-1.2.3-2.1.mga1 src.rpm.
=====================

No testcase.
Keywords: (none) => Security
Status: NEW => ASSIGNED
CC: (none) => anssi.hannula
Hardware: i586 => All
Assignee: bugsquad => qa-bugs
Tested successfully on i586. Tested nfs-utils by sharing a directory over NFS and mounting on another machine. Tested nfs-utils-clients by mounting a directory shared by another machine over NFS. One strange thing is after starting nfs-server it takes a couple of minutes before a remote client machine can list the contents of an NFS mounted directory from the server, but this is also true with the mga1/core/release version, so it is not a regression.
x86_64

Looking at the logs, DrakNFS (which shows as diskdrake in the log) uses mount -t nfs rather than mount.nfs. As the CVE refers to mount.nfs, testing with this directly instead.

Shared a directory on a separate machine with draknfs and restarted the nfs-server. Watching syslog I noticed..

Jan 13 12:54:02 localhost kernel: NFSD: starting 90-second grace period

..Which is probably the reason for the delay David noticed.

The following 2 packages are going to be installed:

- nfs-utils-1.2.3-2.1.mga1.x86_64
- nfs-utils-clients-1.2.3-2.1.mga1.x86_64

# umount /mnt/test
# mount.nfs 192.168.1.60:/home/claire/test /mnt/test -w -v -o rsize=8192,wsize=8192,nosuid,soft
mount.nfs: timeout set for Fri Jan 13 13:13:53 2012
mount.nfs: trying text-based options 'rsize=8192,wsize=8192,soft,vers=4,addr=192.168.1.60,clientaddr=192.168.1.110'
192.168.1.60:/home/claire/test on /mnt/test type nfs (rsize=8192,wsize=8192,nosuid,soft)

I took the command from the output of diskdrake but using mount.nfs instead

$ touch /mnt/test/touched2
$ ll /mnt/test
total 8
-rw-rw-r-- 1 4294967294 4294967294 2 Jan 13 12:21 test1
drwxrwxr-x 2 4294967294 4294967294 4096 Jan 13 13:03 test2/
-rw-rw-r-- 1 4294967294 4294967294 0 Jan 13 12:23 touched
-rw-rw-r-- 1 4294967294 4294967294 0 Jan 13 13:19 touched2
$ touch /mnt/test/test2/touched2
$ ll /mnt/test/test2
total 0
-rw-rw-r-- 1 4294967294 4294967294 0 Jan 13 13:03 touched
-rw-rw-r-- 1 4294967294 4294967294 0 Jan 13 13:20 touched2

Tested nfs-server using the same procedure from the other end. This shows ownership as nobody/nogroup so not sure why it would show as 4294967294 the other way.

Other than that, no issues noticed.
The above issue is not a regression and doesn't seem to affect it in use so I think it's safe to validate the security fix.

advisory:
========================

Updated nfs-utils packages fix a security vulnerability:

It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab (mounted file systems table) file. A local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1749)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1749
https://rhn.redhat.com/errata/RHSA-2011-1534.html
http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2011:186
https://bugzilla.redhat.com/show_bug.cgi?id=697975
========================

SRPM: nfs-utils-1.2.3-2.1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
update pushed
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED