PT-2003-1073 · Linux+1 · Nfsv3+2
Jared Stanbrough · Published 2003-05-22 · Updated 2017-10-11 · CVE-2003-0619
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 2.4.21
Red Hat Linux kernel versions 2.4.20
Description
The issue is related to an integer signedness error in the decode_fh function of nfs3xdr.c in the Linux kernel, which allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. Multiple vulnerabilities in the Red Hat Linux kernel package may lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.
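A simplified user-space model of the signedness bug class described above, added here as an illustration; it is not the kernel's nfs3xdr.c code. The names accepts_signed, decode_fh_checked, xdr_u32 and FH_MAX are hypothetical, and FH_MAX is set to 64 bytes, the NFSv3 file handle maximum from RFC 1813.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FH_MAX 64  /* assumed bound: NFSv3 file handle maximum, in bytes */

struct fh { uint32_t size; unsigned char data[FH_MAX]; };

/* Read one big-endian 32-bit XDR word. */
static uint32_t xdr_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: the length is held in a signed type, so a wire value
 * of 0xFFFFFFFF becomes -1 and passes the "too large" check.
 * Returns 1 if the length would be accepted; no copy is performed. */
int accepts_signed(const unsigned char *buf, size_t len)
{
    if (len < 4) return 0;
    int32_t size = (int32_t)xdr_u32(buf);
    return !(size > FH_MAX);
}

/* Hardened pattern: keep the length unsigned and bound it against both
 * the handle maximum and the bytes actually received before copying. */
int decode_fh_checked(const unsigned char *buf, size_t len, struct fh *out)
{
    if (len < 4) return -1;
    uint32_t size = xdr_u32(buf);
    if (size > FH_MAX || size > len - 4) return -1;
    memcpy(out->data, buf + 4, size);
    out->size = size;
    return 0;
}

int main(void)
{
    /* Constructed sample: length word 0xFFFFFFFF followed by 4 bytes. */
    const unsigned char neg[8] = {0xff, 0xff, 0xff, 0xff, 1, 2, 3, 4};
    struct fh h;
    printf("signed check accepts: %d\n", accepts_signed(neg, sizeof neg));
    printf("unsigned check result: %d\n", decode_fh_checked(neg, sizeof neg, &h));
    return 0;
}
```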
Recommendations
For Linux kernel versions prior to 2.4.21, update to version 2.4.21 or later to resolve the issue.
For Red Hat Linux kernel versions 2.4.20, consider disabling the decode_fh function as a temporary workaround until a patch is available.
Restrict access to the vulnerable NFSv3 procedure calls to minimize the risk of exploitation.
Affected Products
Linux Kernel
Nfsv3
Red Hat Linux Kernel