CVE-2011-2500
First published: Wed Jun 22 2011(Updated: )
A security flaw was found in the way nfs-utils performed authentication of an incoming request, when an IP based authentication mechanism was used and certain file systems were exported to either to a netgroup or a wildcard (e.g. *.my.domain), and some file systems (either the same or different to the first set) were exported to specific hosts, IP addresses, or a subnet. A remote attacker, able to create global DNS entries could use this flaw to access above listed, exported file systems. References: [1] <a href="https://bugzilla.novell.com/show_bug.cgi?id=701702">https://bugzilla.novell.com/show_bug.cgi?id=701702</a> [2] <a href="http://www.openwall.com/lists/oss-security/2011/06/27/7">http://www.openwall.com/lists/oss-security/2011/06/27/7</a> (CVE Request) Relevant upstream patch: [3] <a href="http://marc.info/?l=linux-nfs&m=130875695821953&w=2">http://marc.info/?l=linux-nfs&m=130875695821953&w=2</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/nfs-utils | <1:1.2.3-15.el6 | 1:1.2.3-15.el6 |
| nfs-utils | <=1.2.3 | |
| nfs-utils | =1.2.2 | |
| nfs-utils | =1.2.1 | |
| nfs-utils | =1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/
- http://marc.info/?l=linux-nfs&m=130875695821953&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=716949
- http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download
- http://rhn.redhat.com/errata/RHSA-2011-1534.html
- https://www.cve.org/CVERecord?id=CVE-2011-2500 https://nvd.nist.gov/vuln/detail/CVE-2011-2500
- https://access.redhat.com/errata/RHSA-2011:1534
- https://access.redhat.com/security/cve/CVE-2011-2500
- https://bugzilla.novell.com/show_bug.cgi?id=701702
- http://www.openwall.com/lists/oss-security/2011/06/27/7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=716950
- http://www.openwall.com/lists/oss-security/2011/06/28/17
- https://rhn.redhat.com/errata/RHSA-2011-1534.html
Frequently Asked Questions
What is the severity of CVE-2011-2500?
CVE-2011-2500 is considered a moderate severity vulnerability due to its potential impact on authentication mechanisms.
How do I fix CVE-2011-2500?
To fix CVE-2011-2500, upgrade the nfs-utils package to version 1:1.2.3-15.el6 or higher.
What types of systems are affected by CVE-2011-2500?
CVE-2011-2500 affects systems using nfs-utils with IP based authentication and certain exported file systems.
Can CVE-2011-2500 be exploited remotely?
Yes, CVE-2011-2500 can be exploited remotely if vulnerable systems are configured with improper authentication settings.
Which versions of nfs-utils are vulnerable to CVE-2011-2500?
nfs-utils versions prior to 1:1.2.3-15.el6, including 1.2.0 through 1.2.2, are vulnerable to CVE-2011-2500.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2500
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- package-manager/redhat
- vendor/linux-nfs
- canonical/nfs-utils
- version/nfs-utils/1.2.3
- version/nfs-utils/1.2.2
- version/nfs-utils/1.2.1
- version/nfs-utils/1.2.0