CVE-2004-1014
published 2005-01-10CVE-2004-1014: statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via…
PriorityP418medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.38%
81.8th percentile
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | nfs-utils | < nfs-utils 1:1.0.6-3.1 (bookworm) | nfs-utils 1:1.0.6-3.1 (bookworm) |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | >= 0 < 1:1.0.6-3.1 | 1:1.0.6-3.1 |
| nfs | nfs-utils | >= 0 < 1:1.0.6-3.1 | 1:1.0.6-3.1 |
| nfs | nfs-utils | >= 0 < 1:1.0.6-3.1 | 1:1.0.6-3.1 |
| nfs | nfs-utils | >= 0 < 1:1.0.6-3.1 | 1:1.0.6-3.1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jx7p-442j-f3rh: statd in nfs-utils 1
ghsa_unreviewed·2022-04-29
CVE-2004-1014 [MEDIUM] GHSA-jx7p-442j-f3rh: statd in nfs-utils 1
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
OSV
CVE-2004-1014: statd in nfs-utils 1
osv·2005-01-10·CVSS 5.0
CVE-2004-1014 [MEDIUM] CVE-2004-1014: statd in nfs-utils 1
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Red Hat
security flaw
vendor_redhat·2004-12-01·CVSS 5.0
CVE-2004-1014 [MEDIUM] security flaw
security flaw
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Ubuntu
NFS statd vulnerability
vendor_ubuntu·2004-12-01
CVE-2004-1014 NFS statd vulnerability
Title: NFS statd vulnerability
Summary: NFS statd vulnerability
SGI discovered a remote Denial of Service vulnerability in the NFS
statd server. statd did not ignore the "SIGPIPE" signal which caused
it to shutdown if a misconfigured or malicious peer terminated the TCP
connection prematurely.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2004-1014: nfs-utils - statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which a...
vendor_debian·2004·CVSS 5.0
CVE-2004-1014 [MEDIUM] CVE-2004-1014: nfs-utils - statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which a...
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Scope: local
bookworm: resolved (fixed in 1:1.0.6-3.1)
bullseye: resolved (fixed in 1:1.0.6-3.1)
forky: resolved (fixed in 1:1.0.6-3.1)
sid: resolved (fixed in 1:1.0.6-3.1)
trixie: resolved (fixed in 1:1.0.6-3.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-1014 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-1014 [MEDIUM] CVE-2004-1014 security flaw
CVE-2004-1014 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Bugzilla
CAN-2004-0946 buffer overflow in rquotad
bugzilla·2004-11-04
[MEDIUM] CAN-2004-0946 buffer overflow in rquotad
CAN-2004-0946 buffer overflow in rquotad
Description of problem:
struct dqblk
{
u_int32_t dqb_bhardlimit; /* absolute limit on disk blks alloc */
u_int32_t dqb_bsoftlimit; /* preferred limit on disk blks */
u_int32_t dqb_curblocks; /* current block count */
u_int32_t dqb_ihardlimit; /* maximum # allocated inodes */
u_int32_t dqb_isoftlimit; /* preferred inode limit */
u_int32_t dqb_curinodes; /* current # allocated inodes */
time_t dqb_btime; /* time limit for excessive disk use */
time_t dqb_itime; /* time limit for excessive files */
};
struct rquota {
int rq_bsize;
bool_t rq_active;
u_int rq_bhardlimit;
u_int rq_bsoftlimit;
u_int rq_curblocks;
u_int rq_fhardlimit;
u_int rq_fsoftlimit;
u_int rq_curfiles;
u_int rq_btimeleft;
u_int rq_ftimeleft;
};
rquota_server.c line 171 has the foll
http://cvs.sourceforge.net/viewcvs.py/nfs/nfs-utils/ChangeLog?rev=1.258&view=markuphttp://www.debian.org/security/2004/dsa-606http://www.redhat.com/support/errata/RHSA-2004-583.htmlhttp://www.redhat.com/support/errata/RHSA-2005-014.htmlhttp://www.securityfocus.com/archive/1/426072/30/6740/threadedhttp://www.securityfocus.com/bid/11785http://www.trustix.org/errata/2004/0065/https://exchange.xforce.ibmcloud.com/vulnerabilities/18332https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10899https://www.ubuntu.com/usn/usn-36-1/http://cvs.sourceforge.net/viewcvs.py/nfs/nfs-utils/ChangeLog?rev=1.258&view=markuphttp://www.debian.org/security/2004/dsa-606http://www.redhat.com/support/errata/RHSA-2004-583.htmlhttp://www.redhat.com/support/errata/RHSA-2005-014.htmlhttp://www.securityfocus.com/archive/1/426072/30/6740/threadedhttp://www.securityfocus.com/bid/11785http://www.trustix.org/errata/2004/0065/https://exchange.xforce.ibmcloud.com/vulnerabilities/18332https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10899https://www.ubuntu.com/usn/usn-36-1/
2005-01-10
Published