Info

Disclosure

Dec 07, 2004

Discovery

Unknown

Dates

Exploit

Dec 07, 2004

Solution

Unknown

Description

nfs-utils rpc.statd contains a flaw that may allow a remote denial of service. The issue is triggered when a TCP connection is closed early, and will result in a loss of availability.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.0.6-r6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

NFS

nfs-utils

1.0.6

References

Security Tracker: 1012436
Bugtraq ID: 11785
Secunia Advisory ID: 13384 13390 13597
ISS X-Force ID: 18332
CVE ID: 2004-1014 (see also: NVD)
Vendor Specific Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-583.html
http://rhn.redhat.com/errata/RHSA-2005-014.html
http://www.debian.org/security/2004/dsa-606
http://www.gentoo.org/security/en/glsa/glsa-200412-08.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:146
http://www.trustix.org/errata/2004/0065/
http://www.ubuntulinux.org/support/documentation/usn/usn-36-1
CIAC Advisory: P-076

Credit

SGI - SGI

Direct URL: http://osvdb.org/36218