Veracode Vulnerability DatabaseVERACODE:24875Privilege Escalation
0.008 Low
EPSS
Percentile
81.3%
nfs-utils is vulnerable to privilege escalation. A flaw was found in the way nfs-utils performed IP based authentication of mount requests. In configurations where a directory was exported to a group of systems using a DNS wildcard or NIS (Network Information Service) netgroup, an attacker could possibly gain access to other directories exported to a specific host or subnet, bypassing intended access restrictions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nfs-utils | eq | 1.2.3__7.el6 | |
| nfs-utils | eq | 1.2.2__7.el6 | |
| nfs-utils | eq | 1.2.3__7.el6_1.1 | |
| nfs-utils | eq | 1.2.3__7.el6 | |
| nfs-utils | eq | 1.2.2__7.el6 | |
| nfs-utils | eq | 1.2.3__7.el6_1.1 |
References
marc.info/?l=linux-nfs&m=130875695821953&w=2
rhn.redhat.com/errata/RHSA-2011-1534.html
sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/
sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download
access.redhat.com/errata/RHSA-2011:1534
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=716949
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/nfs-utils.html#RHSA-2011-1534
Related
