Information disclosure in Linux-nfs Nfs-utils
CVE-2013-1923
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Vulnerability class: Information Disclosure
EPSS: 0.010 (59.8th percentile) — read the EPSS interpretation.
Affected products
- Linux-nfs Nfs-utils — versions 1.2.0, 1.2.1, 1.2.2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (vdb-entry, x_refsource_BID)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
- secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
- secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
- secalert@redhat.com (vdb-entry, x_refsource_XF)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)