The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nfs-utils | Linux-nfs | * | 1.2.3 (including) |
| Nfs-utils | Linux-nfs | 1.2.0 (including) | 1.2.0 (including) |
| Nfs-utils | Linux-nfs | 1.2.1 (including) | 1.2.1 (including) |
| Nfs-utils | Linux-nfs | 1.2.2 (including) | 1.2.2 (including) |
| Red Hat Enterprise Linux 6 | RedHat | nfs-utils-1:1.2.3-15.el6 | * |
| Nfs-utils | Ubuntu | hardy | * |
| Nfs-utils | Ubuntu | maverick | * |
| Nfs-utils | Ubuntu | natty | * |
| Nfs-utils | Ubuntu | oneiric | * |
| Nfs-utils | Ubuntu | quantal | * |
| Nfs-utils | Ubuntu | raring | * |
| Nfs-utils | Ubuntu | upstream | * |
References
- http://marc.info/?l=linux-nfs\u0026m=130875695821953\u0026w=2
- http://rhn.redhat.com/errata/RHSA-2011-1534.html
- http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/
- http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download
- https://bugzilla.redhat.com/show_bug.cgi?id=716949
- http://marc.info/?l=linux-nfs\u0026m=130875695821953\u0026w=2
- http://rhn.redhat.com/errata/RHSA-2011-1534.html
- http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/
- http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download
- https://bugzilla.redhat.com/show_bug.cgi?id=716949