Linux 2.4 NFSv3 knfsd Malformed GETATTR Request Remote DoS

high Nessus Plugin ID 11813



The remote NFS daemon is prone to a denial of service attack.


The remote host is running knfsd, a kernel NFS daemon.

There is a vulnerability in this version that may allow an attacker to cause a kernel panic on the remote host by sending a malformed GETATTR request with an invalid length field.


Upgrade to Linux kernel version 2.4.21 or later; the issue has reportedly been silently patched in that version.


Plugin Details

Severity: High

ID: 11813

File Name: knfs_dos.nasl

Version: 1.24

Type: remote

Published: 8/1/2003

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 4.4


Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport, rpc/portmap

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/29/2003

Reference Information

CVE: CVE-2003-0619

BID: 8298