{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "58854", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58854"}, {"name": "[linux-nfs] 20130403 Re: [PATCH] Avoid PTR lookups when possible", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-nfs&m=136500502805121&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948072"}, {"name": "openSUSE-SU-2013:1048", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html"}, {"name": "openSUSE-SU-2013:1012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html"}, {"name": "openSUSE-SU-2013:1016", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html"}, {"name": "nfsutils-cve20131923-spoofing(85331)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85331"}, {"name": "[linux-nfs] 20130402 Re: [PATCH] Avoid PTR lookups when possible", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-nfs&m=136491998607561&w=2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:36.900Z"}, "title": "CVE Program Container", "references": [{"name": "58854", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58854"}, {"name": "[linux-nfs] 20130403 Re: [PATCH] Avoid PTR lookups when possible", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-nfs&m=136500502805121&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948072"}, {"name": "openSUSE-SU-2013:1048", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html"}, {"name": "openSUSE-SU-2013:1012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html"}, {"name": "openSUSE-SU-2013:1016", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html"}, {"name": "nfsutils-cve20131923-spoofing(85331)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85331"}, {"name": "[linux-nfs] 20130402 Re: [PATCH] Avoid PTR lookups when possible", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-nfs&m=136491998607561&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1923", "datePublished": "2014-01-21T18:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:36.900Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D711F9E-A267-44C2-B82D-77F63B53E3E6", "versionEndIncluding": "1.2.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3EAF1C0B-DB17-49CE-9E5C-6D8F4ED9DA73", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4F6F79C-FA8A-486E-9541-83D57052324D", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "24A01AF1-E09A-4064-815F-3672B96B03BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "3AD74E58-7ACB-43BA-8B08-BCD543063B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "6072D90D-6144-45F3-B48A-833EA441D089", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "51C825D9-5B4E-4DB1-9F2D-BC45C24BA320", "vulnerable": true}, {"criteria": "cpe:2.3:a:linux-nfs:nfs-utils:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD63FB82-B020-46BA-B9DB-D3B90863133D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks."}, {"lang": "es", "value": "rpc-gssd en nfs-utils anterior a la versi\u00f3n 1.2.8 realiza resoluciones inversas de DNS en nombres de servidor durante la autenticaci\u00f3n GSSAPI, lo que podr\u00eda permitir a atacantes remotos leer archivos restringidos del mismo modo a trav\u00e9s de ataques de falsificaci\u00f3n de DNS."}], "id": "CVE-2013-1923", "lastModified": "2017-08-29T01:33:12.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-21T18:55:09.367", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00142.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00146.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00172.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=linux-nfs&m=136491998607561&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=linux-nfs&m=136500502805121&w=2"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/58854"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948072"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85331"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nfs-utils: rpc.gssd is vulnerable to DNS spoofing", "id": "948072", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=948072"}, "csaw": false, "cvss": {"cvss_base_score": "3.2", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:N", "status": "draft"}, "details": ["rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks."], "name": "CVE-2013-1923", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "nfs-utils", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "nfs-utils", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-04-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1923\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1923"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}