PT-2014-2122 · Nfs Utils+1 · Nfs-Utils+1

Published

2011-12-05

Updated

2014-03-06

CVE-2011-2500

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions nfs-utils versions prior to 1.2.4

Description The issue arises from the host reliable addrinfo function in nfs-utils, which fails to properly utilize DNS for verifying access to NFS exports. This allows remote attackers to mount filesystems by creating crafted DNS A and PTR records.

Recommendations For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-2500

RHSA-2011:1534

RHSA-2011_1534

Affected Products

Red Hat

Nfs-Utils

PT-2014-2122 · Nfs Utils+1 · Nfs-Utils+1

CVE-2011-2500

Weakness Enumeration

Related Identifiers

Affected Products

References · 16