Oracle Linux 6 : nfs-utils (ELSA-2011-1534)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2011-1534 advisory. 1.2.3-15 - mout.nfs: Don't roll back to IPv4 whe IPv6 fails bz 744657 - rpcdebug: Added pNFS and FSCache debugging bz 747400 1.2.3-14 - mount.nfs:...

CVE-2011-2500

The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...