
CVE-2011-2500

Published: 15/02/2014 Updated: 06/03/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils prior to 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote malicious users to mount filesystems by establishing crafted DNS A and PTR records.

Vulnerable Product

linux-nfs nfs-utils 1.2.1

linux-nfs nfs-utils 1.2.0

linux-nfs nfs-utils

linux-nfs nfs-utils 1.2.2

Vendor Advisories

Synopsis: Low: nfs-utils security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: Updated nfs-utils packages that fix two security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update ...

Debian Bug report logs - #633155: Mixed IP/name-based access control can be bypassed (CVE-2011-2500). Package: nfs-kernel-server; Maintainer for nfs-kernel-server is Debian kernel team <debian-kernel@lists.debian.org>; Source for nfs-kernel-server is src:nfs-utils (PTS, buildd, popcon). Reported by: Ben Hutchings <ben@decade ...