Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:3940

Опубликовано: 10 мар. 2026
Источник: rocky
Оценка: Moderate

Описание

Moderate: nfs-utils security update

The nfs-utils packages provide a daemon for the kernel Network File System (NFS) server and related tools, which provides better performance than the traditional Linux NFS server used by most users. These packages also contain the mount.nfs, umount.nfs, and showmount programs.

Security Fix(es):

  • nfs-utils: rpc.mountd in the nfs-utils privilege escalation (CVE-2025-12801)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
libnfsidmapi68638.el9_7.3libnfsidmap-2.5.4-38.el9_7.3.i686.rpm
libnfsidmapx86_6438.el9_7.3libnfsidmap-2.5.4-38.el9_7.3.x86_64.rpm
nfs-utilsx86_6438.el9_7.3nfs-utils-2.5.4-38.el9_7.3.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-12801

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-12801

CVSS3: 6.5
ubuntu
около 1 месяца назад

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

redhat логотип

CVE-2025-12801

CVSS3: 6.5
redhat
около 1 месяца назад

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

nvd логотип

CVE-2025-12801

CVSS3: 6.5
nvd
около 1 месяца назад

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.

debian логотип

CVE-2025-12801

CVSS3: 6.5
debian
около 1 месяца назад

A vulnerability was recently discovered in the rpc.mountd daemon in th ...

rocky логотип

RLSA-2026:3939

rocky
28 дней назад

Moderate: nfs-utils security update