| 1 |
davidwhodgins |
50 |
type: security |
| 2 |
|
|
subject: Updated nfs-utils packages fix security vulnerability |
| 3 |
|
|
CVE: |
| 4 |
|
|
- CVE-2013-1923 |
| 5 |
|
|
src: |
| 6 |
|
|
2: |
| 7 |
|
|
core: |
| 8 |
|
|
- nfs-utils-1.2.5-1.1.mga2 |
| 9 |
|
|
3: |
| 10 |
|
|
core: |
| 11 |
|
|
- nfs-utils-1.2.7-3.1.mga3 |
| 12 |
|
|
description: | |
| 13 |
|
|
It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due |
| 14 |
|
|
to it depending on PTR resolution for GSSAPI authentication. Because of this, |
| 15 |
|
|
if a user where able to poison DNS to a victim's computer, they would be able |
| 16 |
|
|
to trick rpc.gssd into talking to another server (perhaps with less security) |
| 17 |
|
|
than the intended server (with stricter security). If the victim has write |
| 18 |
|
|
access to the second (less secure) server, and the attacker has read access |
| 19 |
|
|
(when they normally might not on the secure server), the victim could write |
| 20 |
|
|
files to that server, which the attacker could obtain (when normally they |
| 21 |
|
|
would not be able to). To the victim this is transparent because the victim's |
| 22 |
|
|
computer asks the KDC for a ticket to the second server due to reverse DNS |
| 23 |
|
|
resolution; in this case Krb5 authentication does not fail because the victim |
| 24 |
|
|
is talking to the "correct" server (CVE-2013-1923). |
| 25 |
|
|
references: |
| 26 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=10528 |
| 27 |
|
|
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1923 |
| 28 |
|
|
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html |
Parent Directory
| 
Revision Log