ID CVE-2003-0252
Summary Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
References
Vulnerable Configurations
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:linux-nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:linux-nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 02-02-2024 - 02:56)
Impact:
Exploitability:
CWE CWE-193
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2010-09-20T04:00:25.948-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
family unix
id oval:org.mitre.oval:def:443
status accepted
submitted 2003-09-02T12:00:00.000-04:00
title mountd xlog Function Off-by-One Vulnerability
version 41
redhat via4
advisories
  • rhsa
    id RHSA-2003:206
  • rhsa
    id RHSA-2003:207
refmap via4
bid 8179
bugtraq
  • 20030714 Linux nfs-utils xlog() off-by-one bug
  • 20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)
  • 20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq
cert-vn VU#258564
debian DSA-349
mandrake MDKSA-2003:076
misc http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
sco CSSA-2003-037.0
sectrack 1007187
secunia 9259
sunalert 1001262
suse SuSE-SA:2003:031
turbo TLSA-2003-44
vulnwatch
  • 20030714 Linux nfs-utils xlog() off-by-one bug
  • 20030714 Reality of the rpc.mountd bug
xf nfs-utils-offbyone-bo(12600)
Last major update 02-02-2024 - 02:56
Published 18-08-2003 - 04:00
Last modified 02-02-2024 - 02:56
Back to Top