Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4552

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-4552
Last Modified 22 Jan 2013 11:03:51
Published 14 Oct 2008 04:00:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4552

Summary

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

Vulnerable Systems

Application

  • Nfs-utils 0.2

  • Nfs-utils 0.2.1

  • Nfs-utils 0.3.1

  • Nfs-utils 0.3.3

  • Nfs-utils 1.0

  • Nfs-utils 1.0.1

  • Nfs-utils 1.0.10

  • Nfs-utils 1.0.11

  • Nfs-utils 1.0.12

  • Nfs-utils 1.0.2

  • Nfs-utils 1.0.3

  • Nfs-utils 1.0.4

  • Nfs-utils 1.0.6

  • Nfs-utils 1.0.7

  • Nfs-utils 1.0.8

  • Nfs-utils 1.0.9

  • Nfs-utils 1.1.0

  • Nfs-utils 1.1.1

  • Nfs-utils 1.1.2


References

BID - 31823

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=458676

XF - nfsutils-hostctl-security-bypass(45895)

VUPEN - ADV-2010-0528

UBUNTU - USN-687-1

BUGTRAQ - 20081030 rPSA-2008-0307-1 nfs-client nfs-server nfs-utils

MANDRIVA - MDVSA-2009:060

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0307

SECUNIA - 38833

SECUNIA - 38794

SECUNIA - 33006

SECUNIA - 32481

SECUNIA - 32346

MLIST - [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

MLIST - [oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers

MLIST - [oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers

REDHAT - RHSA-2009:1321

SECUNIA - 36538


Last Updated: 27 May 2016 10:51:41