{"vuid":"VU#698302","idnumber":"698302","name":"nfs-utils vulnerable to buffer overflow in \"getquotainfo()\" in \"rquota_server.c\"","keywords":["nfs-utils","buffer overflow","getquotainfo()","rquota_server.c"],"overview":"A vulnerability in nfs-utils could permit an attacker to execute arbitrary code on the system or cause a denial of service.","clean_desc":"The NFS protocol provides remote access to shared files accross networks. The nfs-utils package provides an NFS client and server for Linux systems. Nfs-utils on 64-bit architecture machines contains a stack-based buffer overflow vulnerability. The function \"getquotainfo()\" in \"rquota_server.c\" assumes certain values to be 32-bit in size during a call to memcpy(). On a 64-bit machine, this can cause a buffer overflow.","impact":"A remote attacker could execute arbitrary code or create a denial-of-service condition on a vulnerable server running nfs-utils.","resolution":"Apply a patch from your vendor\nFor vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.","workarounds":"","sysaffected":"","thanks":"Red Hat credits Arjan van de Ven with reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://www.gentoo.org/security/en/glsa/glsa-200412-08.xml","http://secunia.com/advisories/13440/","http://xforce.iss.net/xforce/xfdb/18455","http://www.securityfocus.com/bid/11911","http://nfs.sourceforge.net/"],"cveids":["CVE-2004-0946"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-12-14T14:54:00Z","publicdate":"2004-11-22T00:00:00Z","datefirstpublished":"2005-03-04T21:59:56Z","dateupdated":"2005-04-04T14:36:45Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"6","cam_impact":"19","cam_easeofexploitation":"14","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.48125","cam_scorecurrentwidelyknown":"8.9775","cam_scorecurrentwidelyknownexploited":"14.9625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.48125,"vulnote":null}