Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0252

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-0252
Last Modified 25 May 2010 12:18:26
Published 18 Aug 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0252

Summary

Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

Vulnerable Systems

Application

  • Nfs-utils 0.2

  • Nfs-utils 0.2.1

  • Nfs-utils 0.3.1

  • Nfs-utils 0.3.3

  • Nfs-utils 1.0

  • Nfs-utils 1.0.1

  • Nfs-utils 1.0.3


References

CERT-VN - VU#258564

BUGTRAQ - 20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)

XF - nfs-utils-offbyone-bo(12600)

TURBO - TLSA-2003-44

BID - 8179

REDHAT - RHSA-2003:207

REDHAT - RHSA-2003:206

SUSE - SuSE-SA:2003:031

DEBIAN - DSA-349

SUNALERT - 1001262

SECTRACK - 1007187

SECUNIA - 9259

BUGTRAQ - 20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq

BUGTRAQ - 20030714 Linux nfs-utils xlog() off-by-one bug

MISC - http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt

VULNWATCH - 20030714 Reality of the rpc.mountd bug

MANDRAKE - MDKSA-2003:076


Last Updated: 27 May 2016 10:37:50