CVE-2003-0252

Severity: Critical (9.8, CVSS 3.1)
Published: Aug 18, 2003
Last Modified: Jun 16, 2026

Description

Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-193

Affected Products 1

Vendor      Product     Version   Range
linux-nfs   nfs-utils   *         <1.0.4

References 19

  • archives.neohapsis.com http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
    Broken Link, Vendor Advisory
  • archives.neohapsis.com http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
    Broken Link, Vendor Advisory
  • isec.pl http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
    Exploit, Third Party Advisory
  • marc.info http://marc.info/?l=bugtraq&m=105820223707191&w=2
    Exploit, Mailing List
  • marc.info http://marc.info/?l=bugtraq&m=105830921519513&w=2
    Mailing List, Patch
  • marc.info http://marc.info/?l=bugtraq&m=105839032403325&w=2
    Mailing List
  • secunia.com http://secunia.com/advisories/9259
    Broken Link
  • securitytracker.com http://securitytracker.com/id?1007187
    Broken Link, Third Party Advisory, VDB Entry
  • sunsolve.sun.com http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1
    Broken Link
  • debian.org http://www.debian.org/security/2003/dsa-349
    Broken Link
  • kb.cert.org http://www.kb.cert.org/vuls/id/258564
    Third Party Advisory, US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
    Third Party Advisory
  • novell.com http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
    Broken Link
  • redhat.com http://www.redhat.com/support/errata/RHSA-2003-206.html
    Broken Link
  • redhat.com http://www.redhat.com/support/errata/RHSA-2003-207.html
    Broken Link
  • securityfocus.com http://www.securityfocus.com/bid/8179
    Broken Link, Third Party Advisory, VDB Entry
  • turbolinux.com http://www.turbolinux.com/security/TLSA-2003-44.txt
    Broken Link
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/12600
    Third Party Advisory, VDB Entry
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443
    Broken Link

Remediation

  • marc.info http://marc.info/?l=bugtraq&m=105830921519513&w=2
    Mailing List, Patch