CVE-2003-0619

Linux Kernel < 2.4.21 - Denial of Service via NFSv3 XDR Data Size Integer Signedness Error

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0619. PoCs published by Jared Stanbrough.

AI-analyzed exploit summary This exploit targets a signed/unsigned integer vulnerability in the Linux 2.4.20 kernel's knfsd `decode_fh` function, leading to a denial-of-service (DoS) condition. It crafts a malicious NFS diropargs XDR argument with a negative size value to trigger the vulnerability.

Description

Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jared Stanbrough · cdoslinux

https://www.exploit-db.com/exploits/68

View Code ZIP pw:eip

This exploit targets a signed/unsigned integer vulnerability in the Linux 2.4.20 kernel's knfsd `decode_fh` function, leading to a denial-of-service (DoS) condition. It crafts a malicious NFS diropargs XDR argument with a negative size value to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel 2.4.20 with knfsd

No auth needed

Prerequisites: Access to an exported NFS directory on the vulnerable host

MITRE ATT&CK