MiracleLinux 3 : nfs-utils-1.0.9-60.AXS3 (AXSA:2012-253:01)

critical Nessus Plugin ID 284190

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-253:01 advisory.

The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional Linux NFS server used by most users.
This package also contains the showmount program. Showmount queries the mount daemon on a remote host for information about the NFS (Network File System) server on the remote host. For example, showmount can display the clients which are mounted on that host.
This package also contains the mount.nfs and umount.nfs programs.
Security issues fixed with this release:
CVE-2011-1749 No information available at the time of writing, please refer to the CVE links below.
Fixed bugs:
If the NFSv1, NFSv2, and NFSv4 support was disabled (the MOUNTD_NFS_V1=no, MOUNTD_NFS_V2=no, MOUNTD_NFS_V3=no lines in /etc/sysconfig/nfs were uncommented), the nfs service would fail to start. This has been fixed.
Removed excessive logging in the /var/log/messages file if a user's Kerberos ticket expired.
The crash simulation (SM_SIMU_CRASH) of the rpc.statd service had a vulnerability that ISS (Internet Security Scanner) could detect. The rpc.statd would then crash with the following error:
rpc.statd[xxxx]: recv_rply: can't decode RPC message!
rpc.statd[xxxx]: *** SIMULATING CRASH! ***
rpc.statd[xxxx]: unable to register (statd, 1, udp).
Simulation crash support has been removed and the problem no longer occurs.
Previously, the nfs-utils init scripts returned incorrect status codes in the following cases:
if the rpcgssd and rpcsvcgssd daemon were not configured,
if the rpcgssd and rpcsvcgssd daemon were provided an unknown argument,
if the rpcgssd and rpcsvcgssd daemon function call failed,
if a program was no longer running and a /var/lock/subsys/$SERVICE file existed,
if starting a service under an unprivileged user,
if a program was no longer running and its pid file still existed in the /var/run/ directory.
The correct codes are now returned in these scenarios.
Fixed nfsstat -m command not displaying NFSv4 mounts.
Removed the unsupported fsc mount option from the man pages.
The nfs-utils preinstall scriptlet has been modified so that it changes the default group ID for the nfsnobody user to 65534 as expected.
The mount.nfs command with the -o retry option did not try to mount for the time specified in the retry=X configuration option; this has been fixed.
Enhancement:
Added the noresvport option: it allows NFS clients to use insecure ports (ports above 1023).

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected nfs-utils package.

See Also

https://tsn.miraclelinux.com/en/node/2745

Plugin Details

Severity: Critical

ID: 284190

File Name: miracle_linux_AXSA-2012-253.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2011-1749

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:nfs-utils

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/7/2012

Vulnerability Publication Date: 4/21/2011

Reference Information

CVE: CVE-2011-1749