Linux-Nfs Nfs-Utils vulnerabilities

5 known vulnerabilities affecting linux-nfs/nfs-utils.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1LOW2

Vulnerabilities

Page 1 of 1
CVE-2019-3689CRITICALCVSS 9.8≤ 1.3.0-34.18.1≤ 2.1.1-6.10.22019-09-19
CVE-2019-3689 [CRITICAL] CWE-276 CVE-2019-3689: The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes ru
nvd
CVE-2011-1749LOWCVSS 3.3≤ 1.2.3v1.2.0+2 more2014-02-26
CVE-2011-1749 [LOW] CVE-2011-1749: The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2 The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
nvd
CVE-2011-2500HIGHCVSS 7.5≤ 1.2.3v1.2.0+2 more2014-02-15
CVE-2011-2500 [HIGH] CWE-264 CVE-2011-2500: The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
nvd
CVE-2013-1923LOWCVSS 3.2≤ 1.2.7v1.2.0+6 more2014-01-21
CVE-2013-1923 [LOW] CWE-200 CVE-2013-1923: rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI au rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
nvd
CVE-2003-0252CRITICALCVSS 9.8fixed in 1.0.42003-08-18
CVE-2003-0252 [CRITICAL] CWE-193 CVE-2003-0252: Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1. Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
nvd