1 |
davidwhodgins |
50 |
type: security |
2 |
|
|
subject: Updated nfs-utils packages fix security vulnerability |
3 |
|
|
CVE: |
4 |
|
|
- CVE-2013-1923 |
5 |
|
|
src: |
6 |
|
|
2: |
7 |
|
|
core: |
8 |
|
|
- nfs-utils-1.2.5-1.1.mga2 |
9 |
|
|
3: |
10 |
|
|
core: |
11 |
|
|
- nfs-utils-1.2.7-3.1.mga3 |
12 |
|
|
description: | |
13 |
|
|
It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due |
14 |
|
|
to it depending on PTR resolution for GSSAPI authentication. Because of this, |
15 |
|
|
if a user where able to poison DNS to a victim's computer, they would be able |
16 |
|
|
to trick rpc.gssd into talking to another server (perhaps with less security) |
17 |
|
|
than the intended server (with stricter security). If the victim has write |
18 |
|
|
access to the second (less secure) server, and the attacker has read access |
19 |
|
|
(when they normally might not on the secure server), the victim could write |
20 |
|
|
files to that server, which the attacker could obtain (when normally they |
21 |
|
|
would not be able to). To the victim this is transparent because the victim's |
22 |
|
|
computer asks the KDC for a ticket to the second server due to reverse DNS |
23 |
|
|
resolution; in this case Krb5 authentication does not fail because the victim |
24 |
|
|
is talking to the "correct" server (CVE-2013-1923). |
25 |
|
|
references: |
26 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=10528 |
27 |
|
|
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html |