Rule:

--
Sid: 317

--
Summary:
This event is generated when an attempt is made to escalate privileges remotely using a vulnerability in mountd.

--
Impact:
System compromize presenting the attacker with escalated system privileges .

--
Detailed Information:
Some implementations of the Network File System (NFS) on Linux systems use a vulnerable version of mountd that is subject to a buffer overflow condition in the logging subsystem.

The mountd logging facility also logs failed attempts to mount shared resources, even if NFS is not enabled on the system. This means that exploitation of this issue is possible wether or not NFS is being used.

Affected Systems:
	Caldera OpenLinux Standard 1.2
	RedHat Linux 2.0, 2.1, 3.0.3, 4.0, 4.1, 4.2, 5.0, 5.1

--
Attack Scenarios:
Exploit scripts are available

--
Ease of Attack:
Simple. Exploits are available.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

--
Contributors:
Original rule writer unknown
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

Bugtraq:
http://www.securityfocus.com/bid/121

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0917

CERT:
http://www.cert.org/advisories/CA-1998-12.html
http://www.cert.org/summaries/CS-98-08.html

--