Arjan Van De Ven

**Name of the Vulnerable Software and Affected Versions** nfs-utils versions prior to 1.0.6-r6 **Description** The issue concerns multiple vulnerabilities in the nfs-utils package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the rquotad component in nfs-utils contains a flaw in integer conversion on 64-bit architectures, leading to a stack-based buffer overflow. This allows remote attackers to execute arbitrary code via a crafted NFS request. **Recommendations** For nfs-utils versions prior to 1.0.6-r6, update to version 1.0.6-r6 or later to resolve the issue. As a temporary workaround, consider restricting access to the rquotad service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux kernel versions prior to 2.4.20 Red Hat Linux kernel versions prior to 2.4.20 **Description** The issue is related to multiple vulnerabilities in the Linux kernel, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker. The vulnerabilities are related to a stack-based buffer overflow in the ncp lookup function for ncpfs in Linux kernel 2.4.x, allowing local users to gain privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.