CVE-2012-3417
Vulnerability from cvelistv5
Published
2012-08-13 20:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:1058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15509723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=566717"
},
{
"name": "[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
},
{
"name": "RHSA-2013:0120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0120.html"
},
{
"name": "[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2012:1058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15509723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=566717"
},
{
"name": "[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
},
{
"name": "RHSA-2013:0120",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0120.html"
},
{
"name": "[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3417",
"datePublished": "2012-08-13T20:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-3417\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-08-13T20:55:08.867\",\"lastModified\":\"2024-11-21T01:40:49.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n good_client en rquotad (rquota_svc.c) en Linux DiskQuota (tambi\u00e9n conocido como quota) antes de v3.17 invoca la funci\u00f3n hosts_ctl la primera vez sin un nombre de host, lo que podr\u00eda permitir a atacantes remotos evitar reglas TCP Wrappers en hosts.deny.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.16\",\"matchCriteriaId\":\"77F28BE0-037E-479E-A95C-6D681A6A19C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9362964B-6440-4545-BA65-7DDF6F29EA9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC51763E-994F-4A1C-893F-F186E4183581\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E8BDF5-3C93-4BF3-9503-41B55C776F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9FB7D18-42CF-4E7B-B40E-18C06C841F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD819541-2B75-4B1A-944C-605716422CE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8FCA58F-35C8-4D3C-94CF-594E14EC9E0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre6:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6F8082-6F27-4286-81B6-E1ED607CB45E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre7:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C605E2C-BCBD-427E-85F3-0E282C0BEE5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre8:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7F99C5-39EC-44E4-9BB9-383C3CDD3ACD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.01:pre9:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A970116-FDBF-4FD1-B7DA-389D0D5B26C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28CADF62-A14E-485F-B3B7-3CBD922323B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F455BF2F-6913-4C6C-990C-2BF7111D0A51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3935BE-8F69-4D28-850B-4BD70B728F98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B8E9A47-5978-4D33-B1CC-42611C4A5C7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC58E3FE-1DE7-4D76-A87B-39B92280EB61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3827120E-3541-45BE-8B96-D400EEEF0A58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E847D560-7C32-46C6-845C-0C0327B42333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D8B35F1-6FEA-4AA9-A0C2-7A97E0152FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D787327-0E84-4653-B3B2-D38F47D84FDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"880A3DD5-7D43-4041-87F3-6A8207152795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2B57FEA-4C06-4024-8A7B-52B4364613DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFD7032-83F8-4A59-BFB8-4ED75F1E1A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E96579A-6FCF-4BB9-84A5-067EAFC1323C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jan_kara:linux_diskquota:3.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2CD41A4-556A-4F61-BAFE-5D6602FEAEF5\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0120.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/07/19/2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/07/19/5\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=566717\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://hermes.opensuse.org/messages/15509723\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0120.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/07/19/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/07/19/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=566717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://hermes.opensuse.org/messages/15509723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.