Vulnerability Details CVE-2003-0252
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.218
EPSS Ranking 95.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
- http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
- http://marc.info/?l=bugtraq&m=105820223707191&w=2
- http://marc.info/?l=bugtraq&m=105830921519513&w=2
- http://marc.info/?l=bugtraq&m=105839032403325&w=2
- http://secunia.com/advisories/9259
- http://securitytracker.com/id?1007187
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1
- http://www.debian.org/security/2003/dsa-349
- http://www.kb.cert.org/vuls/id/258564
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
- http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
- http://www.redhat.com/support/errata/RHSA-2003-206.html
- http://www.redhat.com/support/errata/RHSA-2003-207.html
- http://www.securityfocus.com/bid/8179
- http://www.turbolinux.com/security/TLSA-2003-44.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12600
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
- http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
- http://marc.info/?l=bugtraq&m=105820223707191&w=2
- http://marc.info/?l=bugtraq&m=105830921519513&w=2
- http://marc.info/?l=bugtraq&m=105839032403325&w=2
- http://secunia.com/advisories/9259
- http://securitytracker.com/id?1007187
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1
- http://www.debian.org/security/2003/dsa-349
- http://www.kb.cert.org/vuls/id/258564
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
- http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
- http://www.redhat.com/support/errata/RHSA-2003-206.html
- http://www.redhat.com/support/errata/RHSA-2003-207.html
- http://www.securityfocus.com/bid/8179
- http://www.turbolinux.com/security/TLSA-2003-44.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12600
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443
Products affected by CVE-2003-0252
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.1
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.2
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.3
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.4
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.5
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.6
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.7
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.8
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.8.2
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.9
-
cpe:2.3:a:linux-nfs:nfs-utils:0.1.9.1
-
cpe:2.3:a:linux-nfs:nfs-utils:0.2
-
cpe:2.3:a:linux-nfs:nfs-utils:0.2.1
-
cpe:2.3:a:linux-nfs:nfs-utils:0.3.1
-
cpe:2.3:a:linux-nfs:nfs-utils:0.3.3
-
cpe:2.3:a:linux-nfs:nfs-utils:1.0.1
-
cpe:2.3:a:linux-nfs:nfs-utils:1.0.3