CVE-2013-1923
published 2014-01-21
CVE-2013-1923: rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read…
Priority: P4 · 14 · low · CVSS 2.0: 3.2
AV:A / AC:H / Au:N / C:P / I:P / A:N
EPSS
1.04%
59.8th percentile
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nfs-utils | < nfs-utils 1:1.2.8-1 (bookworm) | nfs-utils 1:1.2.8-1 (bookworm) |
| linux-nfs | nfs-utils | <= 1.2.7 | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.8-1 | 1:1.2.8-1 |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.8-1 | 1:1.2.8-1 |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.8-1 | 1:1.2.8-1 |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.8-1 | 1:1.2.8-1 |
CVSS provenance
nvd · v2.0 · 3.2 LOW · AV:A/AC:H/Au:N/C:P/I:P/A:N
osv · 3.2 LOW
vendor_debian · 3.2 LOW
vendor_redhat · 3.2 LOW
GHSA
GHSA-xr88-75g2-cjj4: rpc-gssd in nfs-utils before 1
ghsa_unreviewed·2022-05-17
CVE-2013-1923 [LOW] CWE-200 GHSA-xr88-75g2-cjj4: rpc-gssd in nfs-utils before 1
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
OSV
CVE-2013-1923: rpc-gssd in nfs-utils before 1
osv·2014-01-21·CVSS 3.2
CVE-2013-1923 [LOW] CVE-2013-1923: rpc-gssd in nfs-utils before 1
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Red Hat
nfs-utils: rpc.gssd is vulnerable to DNS spoofing
vendor_redhat·2013-04-02·CVSS 3.2
CVE-2013-1923 [LOW] nfs-utils: rpc.gssd is vulnerable to DNS spoofing
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: nfs-utils (Red Hat Enterprise Linux 5) - Will not fix
Package: nfs-utils (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2013-1923: nfs-utils - rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server na...
vendor_debian·2013·CVSS 3.2
CVE-2013-1923 [LOW] CVE-2013-1923: nfs-utils - rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server na...
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Scope: local
bookworm: resolved (fixed in 1:1.2.8-1)
bullseye: resolved (fixed in 1:1.2.8-1)
forky: resolved (fixed in 1:1.2.8-1)
sid: resolved (fixed in 1:1.2.8-1)
trixie: resolved (fixed in 1:1.2.8-1)
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html
http://marc.info/?l=linux-nfs&m=136491998607561&w=2
http://marc.info/?l=linux-nfs&m=136500502805121&w=2
http://www.securityfocus.com/bid/58854
https://bugzilla.redhat.com/show_bug.cgi?id=948072
https://exchange.xforce.ibmcloud.com/vulnerabilities/85331
Published: 2014-01-21