RSS   Vulnerabilities for 'Nfs-utils'   RSS

2009-01-20
 
CVE-2009-0180

CWE-264
 
 
Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.

 
2008-10-14
 
CVE-2008-4552

CWE-264
 
 
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

 
2005-01-10
 
CVE-2004-1014

CWE-Other
 
 
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

 
 
CVE-2004-0946

CWE-Other
 
 
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.

 
2004-06-14
 
CVE-2004-0154

 
 
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.

 
2003-08-18
 
CVE-2003-0252

CWE-Other
 
 
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

 

Copyright 2024, cxsecurity.com

 

Back to Top