Rapid7 Vulnerability & Exploit Database

CESA-2004:072: nfs-utils security update


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 06/14/2004
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

Updated nfs-utils packages that fix a flaw leading to possible rpc.mountd crashes are now available.

The nfs-utils package contains the rpc.mountd program, which implements the NFS mount protocol. A flaw was discovered in rpc.mountd in nfs-utils versions after 1.0.3 and prior to 1.0.6. When mounting a directory, rpc.mountd could crash if the reverse lookup of the client in DNS failed to match the forward lookup. An attacker who has the ability to mount remote directories from a server could make use of this flaw to cause a denial of service by making rpc.mountd crash. Users are advised to upgrade to these updated packages, which contain nfs-utils 1.0.6 and are not vulnerable to this issue. NOTE: CentOS Linux 2.1 includes a version of rpc.mountd that is not vulnerable to this issue.

Solution(s)

  • centos-upgrade-nfs-utils
