Overview
A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service.
Description
The NFS protocol provides remote access to shared files accross networks. The nfs-utils package provides an NFS client and server for Linux systems. Nfs-utils on 64-bit architecture machines contains a stack-based buffer overflow vulnerability. The function "getquotainfo()" in "rquota_server.c" assumes certain values to be 32-bit in size during a call to memcpy(). On a 64-bit machine, this can cause a buffer overflow. |
Impact
A remote attacker could execute arbitrary code or create a denial-of-service condition on a vulnerable server running nfs-utils. |
Solution
Apply a patch from your vendor For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Red Hat credits Arjan van de Ven with reporting this vulnerability.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2004-0946 |
| Severity Metric: | 7.48 |
| Date Public: | 2004-11-22 |
| Date First Published: | 2005-03-04 |
| Date Last Updated: | 2005-04-04 14:36 UTC |
| Document Revision: | 10 |