Vulnerability Name:

CVE-2003-0252 (CCN-12600)

Assigned:2003-07-14
Published:2003-07-14
Updated:2018-05-03
Summary:Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: SCO Security Advisory CSSA-2003-037.0
OpenLinux: Linux NFS utils package contains remotely exploitable off-by-one bug

Source: CCN
Type: BugTraq Mailing List, Mon Jul 14 2003 - 10:02:02 CDT
Linux nfs-utils xlog() off-by-one bug

Source: CCN
Type: DSA 349-1
nfs-utils - buffer overflow

Source: VULNWATCH
Type: Vendor Advisory
20030714 Linux nfs-utils xlog() off-by-one bug

Source: CCN
Type: VulnWatch Mailing List, Mon Jul 14 2003 - 16:23:11 CDT
Reality of the rpc.mountd bug

Source: VULNWATCH
Type: Vendor Advisory
20030714 Reality of the rpc.mountd bug

Source: MITRE
Type: CNA
CVE-2003-0252

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:700
nfs-utils

Source: MISC
Type: UNKNOWN
http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt

Source: BUGTRAQ
Type: UNKNOWN
20030714 Linux nfs-utils xlog() off-by-one bug

Source: BUGTRAQ
Type: UNKNOWN
20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)

Source: BUGTRAQ
Type: UNKNOWN
20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq

Source: CCN
Type: RHSA-2003-206
Updated nfs-utils packages fix denial of service vulnerability

Source: CCN
Type: RHSA-2003-207
nfs-utils security update

Source: CCN
Type: SA9259
nfs-utils "xlog()" Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
9259

Source: CCN
Type: SECTRACK ID: 1007187
`nfs-utils` Buffer Overflow May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1007187

Source: CCN
Type: NFS Web site
Project Info - NFS

Source: CCN
Type: Sun Alert ID: 55882
Sun Linux 5.0 Denial of Service Vulnerability in "nfs-utils" Package Version 1.0.3 and Earlier

Source: SUNALERT
Type: UNKNOWN
1001262

Source: DEBIAN
Type: UNKNOWN
DSA-349

Source: DEBIAN
Type: DSA-349
nfs-utils -- buffer overflow

Source: CCN
Type: US-CERT VU#258564
Linux NFS utils package rpc.mountd contains off-by-one buffer overflow in xlog() function

Source: CERT-VN
Type: US Government Resource
VU#258564

Source: CCN
Type: Immunix Secured OS Security Advisory IMNX-2003-7+-018-01
nfs-utils

Source: CCN
Type: Trustix Secure Linux Security Advisory #2003-0027
nfs-utils

Source: CCN
Type: Gentoo Linux Security Announcement 200307-07
nfs-utils

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:076

Source: SUSE
Type: UNKNOWN
SuSE-SA:2003:031

Source: REDHAT
Type: UNKNOWN
RHSA-2003:206

Source: REDHAT
Type: UNKNOWN
RHSA-2003:207

Source: CCN
Type: SecuriTeam Mailing List, Security Holes & Exploits 17 Sep 2003
Remote rpc.mountd Exploit for xlog() Vulnerability

Source: BID
Type: UNKNOWN
8179

Source: CCN
Type: BID-8179
NFS-Utils Xlog Remote Buffer Overrun Vulnerability

Source: CCN
Type: Slackware Security Advisory SSA:2003-195-01b
nfs-utils packages replaced

Source: CCN
Type: Slackware Security Advisory SSA:2003-195-01
nfs-utils off-by-one overflow fixed

Source: CCN
Type: TLSA-2003-44
nfs-utils xlog() off-by-one bug

Source: TURBO
Type: UNKNOWN
TLSA-2003-44

Source: XF
Type: UNKNOWN
nfs-utils-offbyone-bo(12600)

Source: XF
Type: UNKNOWN
nfs-utils-offbyone-bo(12600)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:443

Source: SUSE
Type: SUSE-SA:2003:031
nfs-utils: remote code execution

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nfs:nfs-utils:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:nfs:nfs-utils:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20030252
    V
    		CVE-2003-0252
    2022-09-02
    oval:org.mitre.oval:def:443
    V
    		mountd xlog Function Off-by-One Vulnerability
    2010-09-20
    oval:org.debian:def:349
    V
    		buffer overflow
    2003-07-14
    BACK
    nfs nfs-utils 0.2
    nfs nfs-utils 0.2.1
    nfs nfs-utils 0.3.1
    nfs nfs-utils 0.3.3
    nfs nfs-utils 1.0
    nfs nfs-utils 1.0.1
    nfs nfs-utils 1.0.3