Linux NFS nfs-utils 1.0.10

CPE Details

Linux NFS nfs-utils 1.0.10
linux-nfs
nfs-utils
1.0.10
2019-02-27
17h21 +00:00
2019-02-27
17h21 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:linux-nfs:nfs-utils:1.0.10:*:*:*:*:*:*:*

Informations

Vendor

linux-nfs

Product

nfs-utils

Version

1.0.10

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-3689 2019-09-19 13h27 +00:00 The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
9.8
Critique
CVE-2011-1749 2014-02-26 14h00 +00:00 The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
3.3
CVE-2011-2500 2014-02-15 10h00 +00:00 The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
7.5
CVE-2013-1923 2014-01-21 17h00 +00:00 rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
3.2