CVE-2019-3689 – nfs-utils: root-owned files stored in insecure /var/lib/nfs directory
https://notcve.org/view.php?id=CVE-2019-3689
In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html
• https://bugzilla.suse.com/show_bug.cgi?id=1150733
• https://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0e
• https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html
• https://usn.ubuntu.com/4400-1
• CWE-276: Incorrect Default Permissions
CVE-2013-1923
https://notcve.org/view.php?id=CVE-2013-1923
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
• http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html
• http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html
• http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html
• http://marc.info/?l=linux-nfs&m=136491998607561&w=2
• http://marc.info/?l=linux-nfs&m=136500502805121&w=2
• http://www.securityfocus.com/bid/58854
• https://bugzilla.redhat.com/show_bug.cgi?id=948072
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85331
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1749 – nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1749
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
• http://rhn.redhat.com/errata/RHSA-2011-1534.html
• http://rhn.redhat.com/errata/RHSA-2012-0310.html
• http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download
• http://www.openwall.com/lists/oss-security/2011/04/25/5
• https://bugzilla.redhat.com/show_bug.cgi?id=697975
• https://access.redhat.com/security/cve/CVE-2011-1749
• CWE-20: Improper Input Validation
CVE-2011-2500 – nfs-utils: Improper authentication of an incoming request when an IP based authentication used
https://notcve.org/view.php?id=CVE-2011-2500
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
• http://marc.info/?l=linux-nfs&m=130875695821953&w=2
• http://rhn.redhat.com/errata/RHSA-2011-1534.html
• http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4
• http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download
• https://bugzilla.redhat.com/show_bug.cgi?id=716949
• https://access.redhat.com/security/cve/CVE-2011-2500
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2003-0252
https://notcve.org/view.php?id=CVE-2003-0252
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
• http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html
• http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html
• http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt
• http://marc.info/?l=bugtraq&m=105820223707191&w=2
• http://marc.info/?l=bugtraq&m=105830921519513&w=2
• http://marc.info/?l=bugtraq&m=105839032403325&w=2
• http://secunia.com/advisories/9259
• http://securitytracker.com/id?1007187
• http://sunsolve.sun.com/search/document.do?
• CWE-193: Off-by-one Error