Published: 27/08/2003 Updated: 11/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel prior to 2.4.21 allows remote malicious users to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

A number of vulnerabilities have been discovered in the Linux kernel CAN-2003-0461: /proc/tty/driver/serial in Linux 24x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords This bug has been fixed by restricting access to ...

/* Linux 2420 knfsd kernel signed/unsigned decode_fh DoS Author: jared stanbrough <jareds pdx edu> Vulnerable code: (fs/nfsd/nfs3xdrc line 52-64) static inline u32 * decode_fh(u32 *p, struct svc_fh *fhp) { int size; fh_init(fhp, NFS3_FHSIZE); size = ntohl(*p++); if (size > NFS3_FHSIZE) ...

NVD-CWE-Other http://www.redhat.com/support/errata/RHSA-2003-198.html http://www.debian.org/security/2004/dsa-358 http://www.redhat.com/support/errata/RHSA-2003-239.html http://marc.info/?l=bugtraq&m=105950927708272&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A386 https://nvd.nist.gov https://www.debian.org/security/./dsa-358 https://www.exploit-db.com/exploits/68/

CVE-2003-0619

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect