CVE-2011-2500
nfs-utils: Improper authentication of an incoming request when an IP based authentication used
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
La funciĆ³n host_reliable_addrinfo en support/export/hostname.c en nfs-utils anterior a 1.2.4 no utiliza debidamente DNS para verificar el acceso a exportaciones NFS, lo que permite a atacantes remotos montar sistemas de ficheros mediante el establecimiento de registros DNS A y PTR manipulados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-06-15 CVE Reserved
- 2011-12-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=linux-nfs&m=130875695821953&w=2 | Mailing List | |
| http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4 | X_refsource_confirm | |
| http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2011-1534.html | 2014-03-06 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=716949 | 2011-12-05 | |
| https://access.redhat.com/security/cve/CVE-2011-2500 | 2011-12-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux-nfs Search vendor "Linux-nfs" | Nfs-utils Search vendor "Linux-nfs" for product "Nfs-utils" | <= 1.2.3 Search vendor "Linux-nfs" for product "Nfs-utils" and version " <= 1.2.3" | - |
Affected
| ||||||
| Linux-nfs Search vendor "Linux-nfs" | Nfs-utils Search vendor "Linux-nfs" for product "Nfs-utils" | 1.2.0 Search vendor "Linux-nfs" for product "Nfs-utils" and version "1.2.0" | - |
Affected
| ||||||
| Linux-nfs Search vendor "Linux-nfs" | Nfs-utils Search vendor "Linux-nfs" for product "Nfs-utils" | 1.2.1 Search vendor "Linux-nfs" for product "Nfs-utils" and version "1.2.1" | - |
Affected
| ||||||
| Linux-nfs Search vendor "Linux-nfs" | Nfs-utils Search vendor "Linux-nfs" for product "Nfs-utils" | 1.2.2 Search vendor "Linux-nfs" for product "Nfs-utils" and version "1.2.2" | - |
Affected
| ||||||