|Product:||[Retired] Red Hat Linux||Reporter:||atsekhan|
|Component:||nfs-server||Assignee:||David Lawrence <dkl>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||1999-01-28 15:43:13 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description atsekhan 1999-01-28 00:56:14 UTC
It appears that NFS server and/or client and/or MOUNTD has a security bug which allows an intruder to add shell accounts to the /etc/passwd file. We had an attemted breakin stopped only after the intruder tripped certain security measures installed on the machine, but AFTER successfull unauthorized login. The NFS server was installed and running even though NOTHING was shared through the NFS. If you need more info on the subject, please contact Alex Tsekhansky @ email@example.com If this is a known bug, I would appreciate the info on the fix.
Comment 1 Bill Nottingham 1999-01-28 15:43:59 UTC
upgrade to the latest nfs-* from the errata.