The "rpc.statd" daemon in the "nfs-utils" package is susceptible to a format string attack by which a remote user could gain root access to the system.
Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help.
REFERENCESReported on Bugtraq by Daniel Jacobowitz on July 16, 2000. Patched RPMs issued by RedHat on July 17th, 2000.