LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2003-0252 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0252 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2004-0154 CVE STATUS: Patched CVE SUMMARY: rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0154 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2004-0946 CVE STATUS: Patched CVE SUMMARY: rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0946 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2004-1014 CVE STATUS: Patched CVE SUMMARY: statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1014 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2008-4552 CVE STATUS: Patched CVE SUMMARY: The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4552 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2009-0180 CVE STATUS: Patched CVE SUMMARY: Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0180 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2011-1749 CVE STATUS: Patched CVE SUMMARY: The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL VECTORSTRING: AV:L/AC:M/Au:N/C:N/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1749 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2011-2500 CVE STATUS: Patched CVE SUMMARY: The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2500 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2013-1923 CVE STATUS: Patched CVE SUMMARY: rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. CVSS v2 BASE SCORE: 3.2 CVSS v3 BASE SCORE: 0.0 VECTOR: ADJACENT_NETWORK VECTORSTRING: AV:A/AC:H/Au:N/C:P/I:P/A:N MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1923 LAYER: meta PACKAGE NAME: nfs-utils PACKAGE VERSION: 2.6.4 CVE: CVE-2019-3689 CVE STATUS: Patched CVE SUMMARY: The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3689