Vulnerabilities > CVE-2004-0154 - Denial Of Service vulnerability in NFS-Utils rpc.mountd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2004-072.NASL |
description | Updated nfs-utils packages that fix a flaw leading to possible rpc.mountd crashes are now available. The nfs-utils package contains the rpc.mountd program, which implements the NFS mount protocol. A flaw was discovered in versions of rpc.mountd in nfs-utils versions after 1.0.3 and prior to 1.0.6. When mounting a directory, rpc.mountd could crash if the reverse lookup of the client in DNS failed to match the forward lookup. An attacker who has the ability to mount remote directories from a server could make use of this flaw to cause a denial of service by making rpc.mountd crash. Users are advised to upgrade to these updated packages, which contain nfs-utils 1.0.6 and is not vulnerable to this issue. NOTE: Red Hat Enterprise Linux 2.1 includes a version of rpc.mountd that is not vulnerable to this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12470 |
published | 2004-07-06 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/12470 |
title | RHEL 3 : nfs-utils (RHSA-2004:072) |
code |
|
Oval
accepted 2010-09-20T04:00:43.548-04:00 class vulnerability contributors name Jay Beale organization Bastille Linux name Matt Busby organization The MITRE Corporation name Matt Busby organization The MITRE Corporation name Thomas R. Jones organization Maitreya Security name Jonathan Baker organization The MITRE Corporation
description rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. family unix id oval:org.mitre.oval:def:861 status accepted submitted 2004-03-20T12:00:00.000-04:00 title rpc.mountd Denial of Service via NFS Mount version 41 accepted 2013-04-29T04:21:14.429-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. family unix id oval:org.mitre.oval:def:9673 status accepted submitted 2010-07-09T03:56:16-04:00 title rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. version 26
Redhat
advisories |
| ||||
rpms | nfs-utils-0:1.0.6-7.EL |
References
- http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=114535
- http://www.redhat.com/support/errata/RHSA-2004-072.html
- http://www.securityfocus.com/bid/9813
- http://www.trustix.org/errata/misc/2004/TSL-2004-0009-nfs-utils.asc.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15418
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A861
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9673