nfs-utils host_ctl() Incorrect Argument Order Lets Remote Users Bypass Access Controls
|
|
SecurityTracker Alert ID: 1021067 |
|
SecurityTracker URL: http://securitytracker.com/id/1021067
|
|
CVE Reference:
CVE-2008-4552
(Links to External Site)
|
Date: Oct 20 2008
|
Impact:
Host/resource access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.0.9, possibly others prior to 1.1.3
|
Description:
A vulnerability was reported in nfs-utils. A remote user can bypass certain access controls.
The software calls the host_ctl() function with arguments in the wrong order. As a result, TCP Wrappers will ignore netgroups. A remote user can bypass access control restrictions.
|
Impact:
A remote user can bypass certain TCP Wrappers access controls.
|
Solution:
Version 1.1.3 contains a fix.
|
Vendor URL: linux-nfs.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Mon, 20 Oct 2008 08:40:56 -0400
Subject: nfs-utils
|
https://bugzilla.redhat.com/show_bug.cgi?id=458676
CVE id CVE-2008-4552 was assigned to this issue:
nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the
host_ctl function with the wrong order of arguments, which causes TCP
Wrappers to ignore netgroups and allows remote attackers to bypass
intended access restrictions.
|
|
