漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Race condition during concurrent TLS mounts in efs-utils
Vulnerability Description
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
Amazon efs-utils 竞争条件问题漏洞
Vulnerability Description
Amazon efs-utils是美国亚马逊(Amazon)公司的Amazon的EFS工具。 Amazon efs-utils v1.34.4之前版本存在竞争条件问题漏洞,该漏洞源于存在潜在的竞争条件问题,并发的挂载操作可能会分配相同的本地端口,导致挂载操作失败或者从EFS客户的本地挂载点到该客户的EFS文件系统的不适当的映射。
CVSS Information
N/A
Vulnerability Type
N/A