Vulnerabilities > Linux NFS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-19 | CVE-2019-3689 | Incorrect Default Permissions vulnerability in Linux-Nfs Nfs-Utils The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. | 9.8 |
| 2014-02-26 | CVE-2011-1749 | Improper Input Validation vulnerability in Linux-Nfs Nfs-Utils The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 3.3 |
| 2014-02-15 | CVE-2011-2500 | Permissions, Privileges, and Access Controls vulnerability in Linux-Nfs Nfs-Utils The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records. | 7.5 |
| 2014-01-21 | CVE-2013-1923 | Information Exposure vulnerability in Linux-Nfs Nfs-Utils rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. | 3.2 |
| 2003-08-18 | CVE-2003-0252 | Off-by-one Error vulnerability in Linux-Nfs Nfs-Utils Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | 9.8 |