CVE-2011-2500
Published: 15 February 2014
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
Notes
Author | Note |
---|---|
mdeslaur | introduced in 1.2.3 |
Priority
Status
Package | Release | Status |
---|---|---|
nfs-utils Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(code not present)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(1:1.2.5-3ubuntu3.1)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(1:1.2.8-2ubuntu2)
|
|
trusty |
Not vulnerable
(1:1.2.8-6ubuntu1)
|
|
upstream |
Released
(1:1.2.4-1)
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-1534.html |