CVE-2006-0043

NameCVE-2006-0043
DescriptionBuffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-975-1
NVD severitymedium (attack range: local)
Debian Bugs350020

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nfs-user-serversource(unstable)2.2beta47-22high350020
nfs-user-serversourcesarge2.2beta47-20sarge2mediumDSA-975-1
nfs-user-serversourcewoody2.2beta47-12woody1mediumDSA-975-1

Notes

nfs-utils (kernel NFS server) is not affected
(it uses PATH_MAX for the buffer passed to realpath).

Search for package or bug name: Reporting problems