ID CVE-2004-1014
Summary statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Vulnerable Configurations
  • cpe:2.3:a:nfs:nfs-utils:1.0.6
  • Debian Debian Linux 3.0
    cpe:2.3:o:debian:debian_linux:3.0
  • cpe:2.3:o:debian:debian_linux:3.0:-:alpha
  • cpe:2.3:o:debian:debian_linux:3.0:-:arm
  • cpe:2.3:o:debian:debian_linux:3.0:-:hppa
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-32
  • cpe:2.3:o:debian:debian_linux:3.0:-:ia-64
  • cpe:2.3:o:debian:debian_linux:3.0:-:m68k
  • cpe:2.3:o:debian:debian_linux:3.0:-:mips
  • cpe:2.3:o:debian:debian_linux:3.0:-:mipsel
  • cpe:2.3:o:debian:debian_linux:3.0:-:ppc
  • cpe:2.3:o:debian:debian_linux:3.0:-:s-390
  • cpe:2.3:o:debian:debian_linux:3.0:-:sparc
  • MandrakeSoft Mandrake Linux 9.2
    cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
  • cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:-:amd64
  • MandrakeSoft Mandrake Linux 10.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
  • MandrakeSoft Mandrake Linux 10.1
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:-:x86_64
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
    cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1
  • cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:-:x86_64
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-36-1.NASL
    description SGI discovered a remote Denial of Service vulnerability in the NFS statd server. statd did not ignore the 'SIGPIPE' signal which caused it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20652
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20652
    title Ubuntu 4.10 : nfs-utils vulnerability (USN-36-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200412-08 (nfs-utils: Multiple remote vulnerabilities) Arjan van de Ven has discovered a buffer overflow on 64-bit architectures in 'rquota_server.c' of nfs-utils (CAN-2004-0946). A remotely exploitable flaw on all architectures also exists in the 'statd.c' file of nfs-utils (CAN-2004-1014), which can be triggered by a mishandled SIGPIPE. Impact : A remote attacker could potentially cause a Denial of Service, or even execute arbitrary code (64-bit architectures only) on a remote NFS server. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 15955
    published 2004-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15955
    title GLSA-200412-08 : nfs-utils: Multiple remote vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-146.NASL
    description SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the 'SIGPIPE' signal which would cause it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely. The updated packages have been patched to prevent this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15919
    published 2004-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15919
    title Mandrake Linux Security Advisory : nfs-utils (MDKSA-2004:146)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-583.NASL
    description An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools, providing a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1014 to this issue. Arjan van de Ven discovered a buffer overflow in rquotad. On 64-bit architectures, an improper integer conversion can lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0946 to this issue. Additionally, this updated package addresses the following issues : - The UID of the nfsnobody account has been fixed for 32-bit and 64-bit machines. Because the st_uid field of the stat structure is an unsigned integer, an actual value of -2 cannot be used when creating the account, so the decimal value of -2 is used. On a 32-bit machine, the decimal value of -2 is 65534 but on a 64-bit machine it is 4294967294. This errata enables the nfs-utils post-install script to detect the target architecture, so an appropriate decimal value is used. All users of nfs-utils should upgrade to this updated package, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 16017
    published 2004-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16017
    title RHEL 3 : nfs-utils (RHSA-2004:583)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-014.NASL
    description An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools. SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd to crash, leading to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1014 to this issue. Arjan van de Ven discovered a buffer overflow in rquotad. On 64-bit architectures, an improper integer conversion can lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0946 to this issue. All users of nfs-utils should upgrade to this updated package, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 16147
    published 2005-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16147
    title RHEL 2.1 : nfs-utils (RHSA-2005:014)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-606.NASL
    description SGI has discovered that rpc.statd from the nfs-utils package, the Network Status Monitor, did not ignore the 'SIGPIPE'. Hence, a client prematurely terminating the TCP connection could also terminate the server process.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 15925
    published 2004-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15925
    title Debian DSA-606-1 : nfs-utils - wrong signal handler
oval via4
accepted 2013-04-29T04:09:50.150-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
family unix
id oval:org.mitre.oval:def:10899
status accepted
submitted 2010-07-09T03:56:16-04:00
title statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2004:583
  • rhsa
    id RHSA-2005:014
refmap via4
bid 11785
confirm http://cvs.sourceforge.net/viewcvs.py/nfs/nfs-utils/ChangeLog?rev=1.258&view=markup
debian DSA-606
fedora FLSA-2006:138098
trustix 2004-0065
ubuntu USN-36-1
xf nfs-utils-statd-dos(18332)
Last major update 07-12-2016 - 21:59
Published 10-01-2005 - 00:00
Last modified 19-10-2018 - 11:30