[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#707401: nfs-utils: CVE-2013-1923: rpc.gssd is vulnerable to DNS spoofing

Package: nfs-utils
Version: 1:1.2.2-4squeeze2 
Severity: important
Tags: security
Control: found -1 1:1.2.6-3

Hi,

the following vulnerability was published for nfs-utils.

CVE-2013-1923[0]:
rpc.gssd is vulnerable to DNS spoofing

An explanation is also available at [1]. New upstream version 1.2.8
avoids DNS reverse lookups on server names[2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923
    http://security-tracker.debian.org/tracker/CVE-2013-1923
[1] http://ssimo.org/blog/id_015.html
[2] https://www.kernel.org/pub/linux/utils/nfs-utils/1.2.8/1.2.8-ChangeLog

Regards,
Salvatore
Reply to: