[Secure-testing-team] Bug#707401: nfs-utils: CVE-2013-1923: rpc.gssd is vulnerable to DNS spoofing
Salvatore Bonaccorso
carnil at debian.org
Thu May 9 08:15:30 UTC 2013
Package: nfs-utils
Version: 1:1.2.2-4squeeze2
Severity: important
Tags: security
Control: found -1 1:1.2.6-3
Hi,
the following vulnerability was published for nfs-utils.
CVE-2013-1923[0]:
rpc.gssd is vulnerable to DNS spoofing
An explanation is also available at [1]. New upstream version 1.2.8
avoids DNS reverse lookups on server names[2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923
http://security-tracker.debian.org/tracker/CVE-2013-1923
[1] http://ssimo.org/blog/id_015.html
[2] https://www.kernel.org/pub/linux/utils/nfs-utils/1.2.8/1.2.8-ChangeLog
Regards,
Salvatore
More information about the Secure-testing-team
mailing list