Name | CVE-2013-20001 |
Description | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-3766-1 |
Debian Bugs | 1059322 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
zfs-linux (PTS) | stretch/contrib | 0.6.5.9-5 | vulnerable |
| buster/contrib (security), buster/contrib | 0.7.12-2+deb10u3 | fixed |
| bullseye/contrib | 2.0.3-9+deb11u1 | vulnerable |
| bookworm/contrib | 2.1.11-1 | vulnerable |
| sid/contrib, trixie/contrib | 2.2.6-2 | fixed |
The information below is based on the following data on fixed versions.
Notes
[bookworm] - zfs-linux <no-dsa> (contrib not supported)
[bullseye] - zfs-linux <no-dsa> (contrib not supported)
https://github.com/openzfs/zfs/commit/6cb5e1e7591da20af3a15793e022345a73e40fb7 (zfs-2.2.0-rc1)