Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2012-3417
Last Modified: 14 Jan 2013 11:31:50
Published: 13 Aug 2012 04:55:08
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2012-3417

Summary

The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.

Vulnerable Systems

Application

  • Jan Kara Linux Diskquota 2.0

  • Jan Kara Linux Diskquota 3.01

  • Jan Kara Linux Diskquota 3.02

  • Jan Kara Linux Diskquota 3.03

  • Jan Kara Linux Diskquota 3.04

  • Jan Kara Linux Diskquota 3.05

  • Jan Kara Linux Diskquota 3.06

  • Jan Kara Linux Diskquota 3.07

  • Jan Kara Linux Diskquota 3.08

  • Jan Kara Linux Diskquota 3.09

  • Jan Kara Linux Diskquota 3.10

  • Jan Kara Linux Diskquota 3.11

  • Jan Kara Linux Diskquota 3.12

  • Jan Kara Linux Diskquota 3.13

  • Jan Kara Linux Diskquota 3.14

  • Jan Kara Linux Diskquota 3.15

  • Jan Kara Linux Diskquota 3.16


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=566717

MLIST - [oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers

MLIST - [oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers

CONFIRM - http://sourceforge.net/tracker/?func=detail&aid=2743481&group_id=18136&atid=118136

CONFIRM - http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota;a=commitdiff;h=0abbfe92536fa5854eb65572de0cf131f80e2387

SUSE - openSUSE-SU-2012:1058

REDHAT - RHSA-2013:0120

Related Patches

Red Hat 2013:0120-01 RHSA Low: quota security and bug fix update for RHEL 5 x86

Novell SUSE 2012:6724 quota security update for SLE 11 SP2 i586

Novell SUSE 2012:6724 quota security update for SLE 11 SP2 x86_64

Novell SUSE 2012:6737 quota security update for SLE 11 SP1 i586

Novell SUSE 2012:6737 quota security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8255 quota security update for SLE 10 SP4 i586

Novell SUSE 2012:8255 quota security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:51:40