Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 980

Summary: NFS/MOUNTD problem?
Product: [Retired] Red Hat Linux Reporter: atsekhan
Component: nfs-serverAssignee: David Lawrence <dkl>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.redhat.com/errata
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-01-28 15:43:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description atsekhan 1999-01-28 00:56:14 UTC
It appears that NFS server and/or client and/or MOUNTD has
a security bug which allows an intruder to add shell
accounts to the /etc/passwd file. We had an attemted
breakin stopped only after the intruder tripped certain
security measures installed on the machine, but AFTER
successfull unauthorized login.
The NFS server was installed and running even though
NOTHING was shared through the NFS.

If you need more info on the subject, please contact
Alex Tsekhansky @

atsekhan@conklin-inc.com

If this is a known bug, I would appreciate the info on the
fix.

Comment 1 Bill Nottingham 1999-01-28 15:43:59 UTC
upgrade to the latest nfs-* from the errata.