Package : nfs-utils
Version : 1:1.2.2-4squeeze3
CVE ID : CVE-2012-3541
In the past, rpc.statd posted SM_NOTIFY requests using the same socket it
used for sending downcalls to the kernel. To receive replies from remote
hosts, the socket was bound to INADDR_ANY. To prevent unwanted data
injection, bind this socket to the loopback address.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | amd64 | nfs-kernel-server | < 1:1.2.2-4squeeze3 | nfs-kernel-server_1:1.2.2-4squeeze3_amd64.deb |
Debian | 6 | i386 | nfs-common | < 1:1.2.2-4squeeze3 | nfs-common_1:1.2.2-4squeeze3_i386.deb |
Debian | 6 | amd64 | nfs-common | < 1:1.2.2-4squeeze3 | nfs-common_1:1.2.2-4squeeze3_amd64.deb |
Debian | 6 | i386 | nfs-kernel-server | < 1:1.2.2-4squeeze3 | nfs-kernel-server_1:1.2.2-4squeeze3_i386.deb |
Debian | 6 | all | nfs-utils | < 1:1.2.2-4squeeze3 | nfs-utils_1:1.2.2-4squeeze3_all.deb |