A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service.
The NFS protocol provides remote access to shared files across networks. The nfs-utils package provides an NFS client and server for Linux systems. On 64-bit architectures, nfs-utils contains a stack-based buffer overflow vulnerability. The function "getquotainfo()" in "rquota_server.c" assumes certain values to be 32 bits in size during a call to memcpy(). On a 64-bit machine, this can cause a buffer overflow.
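The size mismatch described above, shown as an added example that is not the nfs-utils source: the structure and function names are hypothetical, and the 8-byte `unsigned long` assumes an LP64 platform such as 64-bit Linux. It measures how far a raw copy sized by the source would overrun a destination laid out with 32-bit fields, and shows a guarded copy and a field-by-field conversion as the hardened forms.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts, constructed for illustration (not nfs-utils code). */
struct wire_quota {   /* reply structure: fields fixed at 32 bits */
    uint32_t bhardlimit, bsoftlimit, curblocks;
};
struct host_quota {   /* local record: unsigned long is 8 bytes on LP64 */
    unsigned long bhardlimit, bsoftlimit, curblocks;
};

/* Bytes that memcpy(dst, src, sizeof *src) would write past the end of dst. */
size_t blind_copy_overrun(void)
{
    size_t n = sizeof(struct host_quota), cap = sizeof(struct wire_quota);
    return n > cap ? n - cap : 0;
}

/* Raw copy that refuses a source larger than the destination. 0 on success. */
int checked_copy(void *dst, size_t dst_size, const void *src, size_t src_size)
{
    if (src_size > dst_size)
        return -1;
    memcpy(dst, src, src_size);
    return 0;
}

/* Narrow one field, saturating instead of silently truncating. */
uint32_t narrow32(unsigned long v)
{
    return v > UINT32_MAX ? UINT32_MAX : (uint32_t)v;
}

/* Hardened form: convert field by field; never copy bytes across layouts. */
void quota_to_wire(struct wire_quota *dst, const struct host_quota *src)
{
    dst->bhardlimit = narrow32(src->bhardlimit);
    dst->bsoftlimit = narrow32(src->bsoftlimit);
    dst->curblocks  = narrow32(src->curblocks);
}

int main(void)
{
    struct host_quota h = { 4096, 2048, 17 };   /* constructed sample values */
    struct wire_quota w;
    quota_to_wire(&w, &h);
    printf("overrun: %zu bytes; hard limit: %u\n", blind_copy_overrun(), (unsigned)w.bhardlimit);
    return 0;
}
```

On an LP64 build the reported overrun is 12 bytes; on a 32-bit build it is 0, which is why this class of bug can pass testing on 32-bit hosts.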
A remote attacker could execute arbitrary code or create a denial-of-service condition on a vulnerable server running nfs-utils.
Apply a patch from your vendor
For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.
|Red Hat Inc.||Affected|
|Debian||Not Affected|
|Sun Microsystems Inc.||Not Affected|
|EMC Corporation||Unknown|
|Hewlett-Packard Company||Unknown|
|IBM eServer||Unknown|
|Ingrian Networks||Unknown|
|MontaVista Software||Unknown|
|Openwall GNU/*/Linux||Unknown|
|SuSE Inc.||Unknown|
Red Hat credits Arjan van de Ven with reporting this vulnerability.
This document was written by Will Dormann.
|Date First Published:||2005-03-04|
|Date Last Updated:||2005-04-04 14:36 UTC|