Описание
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
Отчет
This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact; a future update in Red Hat Enterprise Linux 6 may address this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | nfs-utils | Not affected | ||
| Red Hat Enterprise Linux 5 | nfs-utils | Not affected | ||
| Red Hat Enterprise Linux 6 | nfs-utils | Fixed | RHSA-2011:1534 | 05.12.2011 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.2 Low
CVSS2
Связанные уязвимости
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
The host_reliable_addrinfo function in support/export/hostname.c in nf ...
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
ELSA-2011-1534: nfs-utils security, bug fix, and enhancement update (LOW)
EPSS
3.2 Low
CVSS2