6 matches found
CVE-2019-3689
The CVE-2019-3689 issue affects the nfs-utils package on SUSE Linux Enterprise Server 12 (≤1.3.0-34.18.1) and SLES 15 (≤2.1.1-6.10.2). The directory /var/lib/nfs is owned by statd:nogroup, while files inside are root-owned. If statd is compromised, a process with root privileges could be tricked ...
CVE-2003-0252
CVE-2003-0252 describes an off-by-one overflow in the xlog() function used by mountd in the Linux nfs-utils package (pre-1.0.4). Exploitation could allow remote attackers to cause a denial of service and potentially execute arbitrary code via certain RPC requests to mountd that do not contain new...
CVE-2011-1749
The CVE-2011-1749 entry concerns nfs-utils before 1.2.4, where the nfs_addmntent function in support/nfs/nfs_mntent.c can append to /etc/mtab without considering resource limits, enabling local users to corrupt the file with a small RLIMIT_FSIZE value (tied to CVE-2011-1089). Several connected ad...
CVE-2011-2500
Summary: CVE-2011-2500 affects nfs-utils prior to 1.2.4, where host_reliable_addrinfo in support/export/hostname.c fails to properly verify NFS export access via DNS, enabling remote mounts via crafted DNS A/PTR records. Affected components: nfs-utils (before 1.2.4). Root cause: DNS-based access ...
CVE-2013-1923
CVE-2013-1923 concerns rpc-gssd in nfs-utils before 1.2.8, which performs reverse DNS resolution during GSSAPI authentication. This DNS spoofing could let an attacker read files that should be restricted by spoofing server names. The vulnerability is tied to the nfs-utils RPC GSSD component and i...
CVE-2025-12801
The CVE-2025-12801 issue affects the rpc.mountd daemon in the linux nfs-utils package. Affected component: rpc.mountd (NFSv3 context) in nfs-utils. Root cause/impact: a NFSv3 client can escalate privileges granted to it in the /etc/exports at mount time, enabling access to any subdirectory or sub...