Vulnerability Note VU#258564

Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function

Overview

A vulnerability in the Linux NFS (network File System) could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system.

I. Description

The Linux NFS (network File System) was developed to allow machines to mount a disk partition on a remote machine as if it were on a local hard drive. An off-by-one overflow exist in the xlog() function which handles logging of requests. Any attacker that is able to send RPC requests to vulnerable mountd daemon could exploit this vulnerability.

An exploit for this vulnerability has been reported in the wild.

II. Impact

A remote attacker may be able to cause a denial of service, or potentially execute arbitrary code on the system.

III. Solution

Version 1.0.4 has been released to address this issue.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Linux NFS	Vulnerable	17-Sep-2003

References

http://nfs.sourceforge.net/
http://sourceforge.net/projects/nfs/
http://www.secunia.com/advisories/9259/
http://xforce.iss.net/xforce/xfdb/12600
http://securitytracker.com/alerts/2003/Jul/1007187.html
http://www.securityfocus.com/bid/8179

Credit

Thanks to Janusz Niewiadomski for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public:	2003-07-14
Date First Published:	2003-09-17
Date Last Updated:	2003-09-17
CERT Advisory:
CVE-ID(s):	CAN-2003-0252
NVD-ID(s):	CAN-2003-0252
US-CERT Technical Alerts:
Metric:	13.39
Document Revision:	6

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader