|Bugzilla:||716949: CVE-2011-2500 nfs-utils: Improper authentication of an incoming request when an IP based authentication used|
The MITRE CVE dictionary describes this issue as:
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact; a future update in Red Hat Enterprise Linux 6 may address this flaw.
CVSS v2 metrics
|Access Vector:||Adjacent Network|
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 6 (nfs-utils)||RHSA-2011:1534||December 05, 2011|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.