CVE-2013-1923
NONE
Published Jan 21, 201412y ago · Modified Jun 16, 20262w ago
Published Jan 21, 2014 12y ago
Last Modified Jun 16, 2026 2w ago
Description
rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 8
References 8
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html
- marc.info http://marc.info/?l=linux-nfs&m=136491998607561&w=2
- marc.info http://marc.info/?l=linux-nfs&m=136500502805121&w=2
- securityfocus.com http://www.securityfocus.com/bid/58854
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=948072
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/85331
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.