Vulnerability Name:

CVE-1999-0832 (CCN-3501)

Assigned:1999-11-09
Published:1999-11-09
Updated:2008-09-09
Summary:Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Caldera International, Inc. Security Advisory CSSA-1999-033.0
buffer overflow in NFS daemon

Source: CALDERA
Type: UNKNOWN
CSSA-1999-033.0

Source: CCN
Type: BugTraq Mailing List, Tue, 9 Nov 1999 11:39:39 +0100
undocumented bugs - nfsd

Source: CCN
Type: BugTraq Mailing List, Tue Nov 30 1999 - 21:24:35 CST
[david@slackware.com: New Patches for Slackware 7.0 Available]

Source: MITRE
Type: CNA
CVE-1999-0832

Source: DEBIAN
Type: UNKNOWN
19991111 buffer overflow in nfs server

Source: DEBIAN
Type: Debian Security Advisory 19991111
nfs-server: buffer overflow in nfs server

Source: SUSE
Type: UNKNOWN
19991110 Security hole in nfs-server < 2.2beta47 within nkita

Source: CCN
Type: OSVDB ID: 11279
Linux NFS Server Pathname Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-1999:053-01

Source: CCN
Type: Red Hat Linux 5.2 General Errata
new NFS server packages available (5.2, 4.2)

Source: BID
Type: UNKNOWN
782

Source: CCN
Type: BID-782
Linux nfsd Remote Buffer Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
19991109 undocumented bugs - nfsd

Source: CCN
Type: SuSE Security Announcement #29
nfs-server < 2.2beta47 within nkita

Source: XF
Type: UNKNOWN
linux-nfs-maxpath-bo(3501)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:debian:debian_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:i386:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:2.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    debian debian linux 2.1
    redhat linux 5.2
    redhat linux 4.2
    redhat linux 5.2
    debian debian linux 2.1