The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nfs-utils | Linux-nfs | * | 1.2.3 |
Nfs-utils | Linux-nfs | 1.2.2 | 1.2.2 |
Nfs-utils | Linux-nfs | 1.2.1 | 1.2.1 |
Nfs-utils | Linux-nfs | 1.2.0 | 1.2.0 |