| VID |
12046 |
| Severity |
40 |
| Port |
|
| Protocol |
UDP |
| Class |
RPC |
| Detailed Description |
The Linux kernel nfsd (knfsd) server is vulnerable to a denial of service attack.
The flaw exists in the Linux Kernel 2.4 XDR handler routine for NFSv3 contained in the nfs3xdr.c kernel source file. This flaw is due to a signed/unsigned mismatch, when processing the length field of an XDR packet. By sending a malformed GETATTR request with an invalid length field, a remote attacker can trigger a kernel panic, which causes the system to stop responding to user requests.
* References:
http://www.securityfocus.com/archive/1/330888
* Platforms Affected:
Linux kernel 2.4.21 earlier
Linux Any version |
| Recommendation |
Upgrade to the latest stable version of Linux kernel (2.4.21 or later). Contact your vendor for upgrade information. The Official Web site of the Linux Kernel is the Linux Kernel Archives at http://www.kernel.org/
-- OR --
Disable the knfsd service, if it is not required. |
| Related URL |
CVE-2003-0619 (CVE) |
| Related URL |
8298 (SecurityFocus) |
| Related URL |
12764 (ISS) |
|
