Rapid7 Vulnerability & Exploit Database

RHSA-2012:0310: nfs-utils security, bug fix, and enhancement update

Severity: 3
CVSS: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
Published: 02/21/2012
Created: 07/25/2018
Added: 02/21/2012
Modified: 07/04/2017

Description

The nfs-utils package provides a daemon for the kernel Network File System (NFS) server, and related tools such as the mount.nfs, umount.nfs, and showmount programs.

It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab (mounted file systems table) file. A local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1749)

This update also fixes the following bugs:

  rpc.statd[xxxx]: recv_rply: can't decode RPC message!
  rpc.statd[xxxx]: *** SIMULATING CRASH! ***
  rpc.statd[xxxx]: unable to register (statd, 1, udp).

However, the rpc.statd service ignored SM_SIMU_CRASH. This update removes the simulation crash support from the service and the problem no longer occurs. (BZ#600497)

In addition, this update adds the following enhancement:

All nfs-utils users are advised to upgrade to this updated package, which resolves these issues and adds this enhancement. After installing this update, the nfs service will be restarted automatically.

Solution(s)

  • redhat-upgrade-nfs-utils
  • redhat-upgrade-nfs-utils-debuginfo
