Ubuntu update for zfs-linux



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2013-20001
CWE-ID CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

libuutil1linux (Ubuntu package)
Operating systems & Components / Operating system package or component

zfsutils-linux (Ubuntu package)
Operating systems & Components / Operating system package or component

libuutil3linux (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper access control

EUVDB-ID: #VU83503

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-20001

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the network share.

The vulnerability exists due to improper validation of IPv6 addresses when an NFS share is exported to IPv6 address via the sharenfs feature. As a result, access restrictions are not applied. A remote attacker can connect to the share and gain access to files.

Mitigation

Update the affected package zfs-linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 23.04

libuutil1linux (Ubuntu package): before 0.8.3-1ubuntu12.16

zfsutils-linux (Ubuntu package): before 0.8.3-1ubuntu12.16

libuutil3linux (Ubuntu package): before 2.1.5-1ubuntu6~22.04.2

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6511-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###