Secunia Logo
 
Linux Kernel NFS XDR Denial of Service
Secunia Advisory: SA9403
Release Date: 2003-08-01
Popularity: 9,372 views

Critical:
Less critical
Impact: DoS
Where: From local network
Solution Status: Vendor Patch

OS:Linux Kernel 2.4.x

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2003-0619


Description:
A vulnerability has been identified in the Linux kernel 2.4 branch allowing malicious users to cause a kernel panic.

The problem is that the "decode_fh" function in "nfs3xdr.c" fails to handle a negative size value in certain NFS calls. This allows malicious users to cause a kernel panic.

Exploit code exists.

Solution:
Linux kernel 2.4.21 is not vulnerable.

Provided and/or discovered by:
Jared Stanbrough


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 9
New vulnerabilities: 26
Updated advisories: 61

Highly // 340 views
Ubuntu update for libxml2

18th Nov, 2008
New advisories: 27
New vulnerabilities: 38
Updated advisories: 26


Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Oracle Products Multiple Vulnerabilities // 68 views
2. PHPLIB Session Handling SQL Injection Vulnerability // 46 views
3. Sun Java JDK / JRE Multiple Vulnerabilities // 42 views
4. Oracle Products Multiple Vulnerabilities // 38 views
5. No-IP Linux Dynamic Update Client Buffer Overflow Vulnerability // 36 views
6. Mozilla Firefox 3 Multiple Vulnerabilities // 33 views
7. Cisco IOS Multiple Vulnerabilities // 31 views
8. Opera "file://" URI Handling Buffer Overflow Vulnerability // 31 views
9. Streamripper Multiple Buffer Overflow Vulnerabilities // 30 views
10. MDaemon Server WorldClient Script Insertion Vulnerabilities // 29 views