Bugzilla – Bug 50321
VUL-0: CVE-2004-0154: nfs-utils: remote denial-of-service
Last modified: 2021-09-26 10:41:09 UTC
Moin, Mark Cox from RH posted on vendor-sec to point us to a denial-of-service condition. From: Mark J Cox <mjc@redhat.com> To: vendor-sec@lst.de Subject: [vendor-sec] nfs-utils DoS See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=209318 which I've traced as an issue that has also been reported to redhat bugzilla by a user. Looks like a remote DoS to anyone who has rights to mount a directory. Debian allocated CAN-2004-0154 to this issue, only affects nfs-utils after 1.0.3 and before 1.0.6. No embargo; fix at will. Thanks, Mark -- Mark J Cox / Red Hat Security Response Team
<!-- SBZ_reproduce --> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=209318
"after 1.0.3 and before 1.0.6" yippie ... "no such file or directory" /work/SRC/old-versions/8.1/UL/all/nfs-utils/nfs-utils-1.0.1.tar.bz2 /work/SRC/old-versions/8.1/SLEC/all/nfs-utils/nfs-utils-1.0.1.tar.bz2 /work/SRC/old-versions/8.2/all/nfs-utils/nfs-utils-1.0.1.tar.bz2 /work/SRC/old-versions/9.0/all/nfs-utils/nfs-utils-1.0.6.tar.bz2 /work/SRC/all/nfs-utils/nfs-utils-1.0.6.tar.bz2
closing, we're not vulnerable
CVE-2004-0154: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)