Vulnerability Details : CVE-2003-0252
Potential exploit
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
Vulnerability category: Execute code, Denial of service
Products affected by CVE-2003-0252
- cpe:2.3:a:linux-nfs:nfs-utils:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2003-0252
EPSS score: 39.70% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2003-0252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-02-02 |
CWE ids for CVE-2003-0252
- A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0252
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
  Tags: Broken Link; Vendor Advisory
- http://marc.info/?l=bugtraq&m=105830921519513&w=2
  '[slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)' - MARC
  Tags: Mailing List; Patch
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
  Tags: Broken Link; Vendor Advisory
- http://www.kb.cert.org/vuls/id/258564
  VU#258564 - Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function
  Tags: Third Party Advisory; US Government Resource
- http://www.redhat.com/support/errata/RHSA-2003-207.html
  Support
  Tags: Broken Link
- http://secunia.com/advisories/9259
  About Secunia Research | Flexera
  Tags: Broken Link
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443
  404 Not Found
  Tags: Broken Link
- http://marc.info/?l=bugtraq&m=105820223707191&w=2
  'Linux nfs-utils xlog() off-by-one bug' - MARC
  Tags: Exploit; Mailing List
- http://www.turbolinux.com/security/TLSA-2003-44.txt
  404 Not Found
  Tags: Broken Link
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1
  Tags: Broken Link
- http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html
  Security - Support | SUSE
  Tags: Broken Link
- http://www.redhat.com/support/errata/RHSA-2003-206.html
  Support
  Tags: Broken Link
- http://securitytracker.com/id?1007187
  GoDaddy Domain Name Search
  Tags: Broken Link; Third Party Advisory; VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12600
  nfs-utils off-by-one buffer overflow CVE-2003-0252 Vulnerability Report
  Tags: Third Party Advisory; VDB Entry
- http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
  Tags: Exploit; Third Party Advisory
- http://www.securityfocus.com/bid/8179
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://marc.info/?l=bugtraq&m=105839032403325&w=2
  'Immunix Secured OS 7+ nfs-utils update -- bugtraq' - MARC
  Tags: Mailing List
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:076
  Advisories - Mandriva Linux
  Tags: Third Party Advisory
- http://www.debian.org/security/2003/dsa-349
  Debian -- The Universal Operating System
  Tags: Broken Link