RHEL 3 : nfs-utils (RHSA-2004:072)

medium Nessus Plugin ID 12470

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated nfs-utils packages that fix a flaw leading to possible rpc.mountd crashes are now available.

The nfs-utils package contains the rpc.mountd program, which implements the NFS mount protocol.

A flaw was discovered in versions of rpc.mountd in nfs-utils versions after 1.0.3 and prior to 1.0.6. When mounting a directory, rpc.mountd could crash if the reverse lookup of the client in DNS failed to match the forward lookup. An attacker who has the ability to mount remote directories from a server could make use of this flaw to cause a denial of service by making rpc.mountd crash.

Users are advised to upgrade to these updated packages, which contain nfs-utils 1.0.6 and is not vulnerable to this issue.

NOTE: Red Hat Enterprise Linux 2.1 includes a version of rpc.mountd that is not vulnerable to this issue.

Solution

Update the affected nfs-utils package.

See Also

https://access.redhat.com/security/cve/cve-2004-0154

http://www.nessus.org/u?5920de65

https://access.redhat.com/errata/RHSA-2004:072

Plugin Details

Severity: Medium

ID: 12470

File Name: redhat-RHSA-2004-072.nasl

Version: 1.31

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:nfs-utils, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 3/11/2004

Vulnerability Publication Date: 6/14/2004

Reference Information

CVE: CVE-2004-0154

RHSA: 2004:072