Improper DNS Verification in NFS-Utils Allows Remote Filesystem Mounting
CVE-2011-2500 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records.
Learn more about our Web Application Penetration Testing UK.