Vulnerability CVE-2013-1923


Published: 2014-01-21

Description:
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.

See advisories in our WLB2 database:
Topic: [Med.] rpc-gssd DNS spoofing vulnerability
Author: Vincent Danen
Date: 05.04.2013

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:A/AC:H/Au:N/C:P/I:P/A:N)

CVSS Base Score: 3.2/10
Impact Subscore: 4.9/10
Exploitability Subscore: 3.2/10
Exploit range: Adjacent network
Attack complexity: High
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software: Linux-nfs -> Nfs-utils

References:
https://bugzilla.redhat.com/show_bug.cgi?id=948072
http://xforce.iss.net/xforce/xfdb/85331
http://www.securityfocus.com/bid/58854
http://marc.info/?l=linux-nfs&m=136500502805121&w=2
http://marc.info/?l=linux-nfs&m=136491998607561&w=2
http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html

Copyright 2024, cxsecurity.com

 
