The host_reliable_addrinfo function in support/export/hostname.c in
nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS
exports, which allows remote attackers to mount filesystems by establishing
crafted DNS A and PTR records.
Author | Note |
---|---|
mdeslaur | introduced in 1.2.3 |