Vulnerability Note VU#698302

nfs-utils vulnerable to buffer overflow in "getquotainfo()" in "rquota_server.c"

Original Release date: 04 Mar 2005 | Last revised: 04 Apr 2005


A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service.


The NFS protocol provides remote access to shared files accross networks. The nfs-utils package provides an NFS client and server for Linux systems. Nfs-utils on 64-bit architecture machines contains a stack-based buffer overflow vulnerability. The function "getquotainfo()" in "rquota_server.c" assumes certain values to be 32-bit in size during a call to memcpy(). On a 64-bit machine, this can cause a buffer overflow.


A remote attacker could execute arbitrary code or create a denial-of-service condition on a vulnerable server running nfs-utils.


Apply a patch from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
MandrakeSoftAffected14 Jan 200514 Jan 2005
Red Hat Inc.Affected14 Jan 200520 Jan 2005
TurboLinuxAffected14 Jan 200504 Apr 2005
DebianNot Affected14 Jan 200517 Jan 2005
Sun Microsystems Inc.Not Affected14 Jan 200520 Jan 2005
ConectivaUnknown-14 Jan 2005
EMC CorporationUnknown14 Jan 200514 Jan 2005
Hewlett-Packard CompanyUnknown14 Jan 200514 Jan 2005
IBM-zSeriesUnknown14 Jan 200514 Jan 2005
IBM eServerUnknown14 Jan 200514 Jan 2005
ImmunixUnknown14 Jan 200514 Jan 2005
Ingrian NetworksUnknown14 Jan 200514 Jan 2005
MontaVista SoftwareUnknown14 Jan 200514 Jan 2005
NovellUnknown14 Jan 200514 Jan 2005
Openwall GNU/*/LinuxUnknown14 Jan 200514 Jan 2005
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Red Hat credits Arjan van de Ven with reporting this vulnerability.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CAN-2004-0946
  • Date Public: 22 Nov 2004
  • Date First Published: 04 Mar 2005
  • Date Last Updated: 04 Apr 2005
  • Severity Metric: 7.48
  • Document Revision: 7


If you have feedback, comments, or additional information about this vulnerability, please send us email.