
Bug#633155: Mixed IP/name-based access control can be bypassed (CVE-2011-2500)



Package: nfs-kernel-server
Version: 1:1.2.3-3
Severity: grave
Tags: patch

From <https://bugzilla.redhat.com/show_bug.cgi?id=716949>:
> A security flaw was found in the way nfs-utils performed authentication
> of an incoming request, when an IP based authentication mechanism was used
> and certain file systems were exported either to a netgroup or a wildcard
> (e.g. *.my.domain), and some file systems (either the same or different to
> the first set) were exported to specific hosts, IP addresses, or a subnet.
> A remote attacker, able to create global DNS entries, could use this flaw
> to access above listed, exported file systems.
> 
> References:
> [1] https://bugzilla.novell.com/show_bug.cgi?id=701702
> [2] http://www.openwall.com/lists/oss-security/2011/06/27/7
>     (CVE Request)
> 
> Relevant upstream patch:
> [3] http://marc.info/?l=linux-nfs&m=130875695821953&w=2

This bug appears to have been introduced in upstream version 1.2.3-rc4
and therefore should not affect squeeze or lenny.

Ben.

-- System Information:
Debian Release: wheezy/sid
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'oldstable-proposed-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
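
An added example, not part of the original report or of nfs-utils: a Python check that parses an exports(5) table and reports whether it combines netgroup or wildcard clients with specific hosts, IP addresses or subnets, which is the configuration the quoted advisory describes. The sample export table and all function names are constructed for illustration; quoted or escaped paths are not handled.

```python
import ipaddress
import re

# Constructed sample /etc/exports content (not taken from the bug report).
SAMPLE_EXPORTS = """\
/home        *.my.domain(rw,sync)   # whole domain
/srv/build   @buildhosts(rw) \\
             192.0.2.0/24(ro)
/srv/backup  backup1.my.domain(rw,no_root_squash)
"""

def classify(client):
    """Return the exports(5) client type of one client specification."""
    if not client:
        return "anonymous"              # "(options)" with no host: everyone
    if client.startswith("@"):
        return "netgroup"
    if re.search(r"[*?\[]", client):
        return "wildcard"
    try:
        ipaddress.ip_network(client, strict=False)   # address, CIDR or netmask
        return "ip"
    except ValueError:
        return "hostname"

def parse_exports(text):
    """Yield (path, client, type) for every client on every export line."""
    text = text.replace("\\\n", " ")    # join backslash-continued lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        for spec in fields[1:]:
            client = spec.split("(", 1)[0]           # drop "(options)"
            yield fields[0], client, classify(client)

def audit(text):
    """Report whether the table mixes name-matched and specific clients."""
    entries = list(parse_exports(text))
    by_name = [e for e in entries if e[2] in ("netgroup", "wildcard")]
    specific = [e for e in entries if e[2] in ("hostname", "ip")]
    return {"mixed": bool(by_name and specific),
            "by_name": by_name, "specific": specific}

if __name__ == "__main__":
    report = audit(SAMPLE_EXPORTS)
    print("mixed IP/name-based exports:", report["mixed"])
    for path, client, kind in report["by_name"] + report["specific"]:
        print(f"  {path:12} {client:22} {kind}")
```

A match only identifies the shape of the export table; whether a host is affected still depends on the installed nfs-utils version, as noted above.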


