Rapid7 Vulnerability & Exploit Database

RHSA-2011:1534: nfs-utils security, bug fix, and enhancement update

Back to Search

RHSA-2011:1534: nfs-utils security, bug fix, and enhancement update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
12/06/2011
Created
07/25/2018
Added
12/16/2011
Modified
07/04/2017

Description

The nfs-utils packages provide a daemon for the kernel Network File System(NFS) server, and related tools such as the mount.nfs, umount.nfs, andshowmount programs.A flaw was found in the way nfs-utils performed IP based authentication ofmount requests. In configurations where a directory was exported to a groupof systems using a DNS wildcard or NIS (Network Information Service)netgroup, an attacker could possibly gain access to other directoriesexported to a specific host or subnet, bypassing intended accessrestrictions. (CVE-2011-2500)It was found that the mount.nfs tool did not handle certain errorscorrectly when updating the mtab (mounted file systems table) file. A localattacker could use this flaw to corrupt the mtab file. (CVE-2011-1749)This update also fixes several bugs and adds an enhancement. Documentationfor these bug fixes and the enhancement will be available shortly from theTechnical Notes document, linked to in the References section.Users of nfs-utils are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues and add thisenhancement. After installing this update, the nfs service will berestarted automatically.

Solution(s)

  • redhat-upgrade-nfs-utils
  • redhat-upgrade-nfs-utils-debuginfo

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;