rhsa-2009_1321
Vulnerability from csaf_redhat
Published
2009-09-02 08:00
Modified
2024-11-22 02:43
Summary
Red Hat Security Advisory: nfs-utils security and bug fix update
Notes
Topic
An updated nfs-utils package that fixes a security issue and several bugs
is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.
It was discovered that nfs-utils did not use tcp_wrappers correctly.
Certain hosts access rules defined in "/etc/hosts.allow" and
"/etc/hosts.deny" may not have been honored, possibly allowing remote
attackers to bypass intended access restrictions. (CVE-2008-4552)
This updated package also fixes the following bugs:
* the "LOCKD_TCPPORT" and "LOCKD_UDPPORT" options in "/etc/sysconfig/nfs"
were not honored: the lockd daemon continued to use random ports. With this
update, these options are honored. (BZ#434795)
* it was not possible to mount NFS file systems from a system that has
the "/etc/" directory mounted on a read-only file system (this could occur
on systems with an NFS-mounted root file system). With this update, it is
possible to mount NFS file systems from a system that has "/etc/" mounted
on a read-only file system. (BZ#450646)
* arguments specified by "STATDARG=" in "/etc/sysconfig/nfs" were removed
by the nfslock init script, meaning the arguments specified were never
passed to rpc.statd. With this update, the nfslock init script no longer
removes these arguments. (BZ#459591)
* when mounting an NFS file system from a host not specified in the NFS
server's "/etc/exports" file, a misleading "unknown host" error was logged
on the server (the hostname lookup did not fail). With this update, a
clearer error message is provided for these situations. (BZ#463578)
* the nhfsstone benchmark utility did not work with NFS version 3 and 4.
This update adds support to nhfsstone for NFS version 3 and 4. The new
nhfsstone "-2", "-3", and "-4" options are used to select an NFS version
(similar to nfsstat(8)). (BZ#465933)
* the exportfs(8) manual page contained a spelling mistake, "djando", in
the EXAMPLES section. (BZ#474848)
* in some situations the NFS server incorrectly refused mounts to hosts
that had a host alias in a NIS netgroup. (BZ#478952)
* in some situations the NFS client used its cache, rather than using
the latest version of a file or directory from a given export. This update
adds a new mount option, "lookupcache=", which allows the NFS client to
control how it caches files and directories. Note: The Red Hat Enterprise
Linux 5.4 kernel update (the fourth regular update) must be installed in
order to use the "lookupcache=" option. Also, "lookupcache=" is currently
only available for NFS version 3. Support for NFS version 4 may be
introduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat
Bugzilla #511312 for further information. (BZ#489335)
Users of nfs-utils should upgrade to this updated package, which contains
backported patches to correct these issues. After installing this update,
the nfs service will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated nfs-utils package that fixes a security issue and several bugs\nis now available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The nfs-utils package provides a daemon for the kernel NFS server and\nrelated tools.\n\nIt was discovered that nfs-utils did not use tcp_wrappers correctly.\nCertain hosts access rules defined in \"/etc/hosts.allow\" and\n\"/etc/hosts.deny\" may not have been honored, possibly allowing remote\nattackers to bypass intended access restrictions. (CVE-2008-4552)\n\nThis updated package also fixes the following bugs:\n\n* the \"LOCKD_TCPPORT\" and \"LOCKD_UDPPORT\" options in \"/etc/sysconfig/nfs\"\nwere not honored: the lockd daemon continued to use random ports. With this\nupdate, these options are honored. (BZ#434795)\n\n* it was not possible to mount NFS file systems from a system that has\nthe \"/etc/\" directory mounted on a read-only file system (this could occur\non systems with an NFS-mounted root file system). With this update, it is\npossible to mount NFS file systems from a system that has \"/etc/\" mounted\non a read-only file system. (BZ#450646)\n\n* arguments specified by \"STATDARG=\" in \"/etc/sysconfig/nfs\" were removed\nby the nfslock init script, meaning the arguments specified were never\npassed to rpc.statd. With this update, the nfslock init script no longer\nremoves these arguments. (BZ#459591)\n\n* when mounting an NFS file system from a host not specified in the NFS\nserver\u0027s \"/etc/exports\" file, a misleading \"unknown host\" error was logged\non the server (the hostname lookup did not fail). With this update, a\nclearer error message is provided for these situations. (BZ#463578)\n\n* the nhfsstone benchmark utility did not work with NFS version 3 and 4.\nThis update adds support to nhfsstone for NFS version 3 and 4. The new\nnhfsstone \"-2\", \"-3\", and \"-4\" options are used to select an NFS version\n(similar to nfsstat(8)). (BZ#465933)\n\n* the exportfs(8) manual page contained a spelling mistake, \"djando\", in\nthe EXAMPLES section. (BZ#474848)\n\n* in some situations the NFS server incorrectly refused mounts to hosts\nthat had a host alias in a NIS netgroup. (BZ#478952)\n\n* in some situations the NFS client used its cache, rather than using\nthe latest version of a file or directory from a given export. This update\nadds a new mount option, \"lookupcache=\", which allows the NFS client to\ncontrol how it caches files and directories. Note: The Red Hat Enterprise\nLinux 5.4 kernel update (the fourth regular update) must be installed in\norder to use the \"lookupcache=\" option. Also, \"lookupcache=\" is currently\nonly available for NFS version 3. Support for NFS version 4 may be\nintroduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat\nBugzilla #511312 for further information. (BZ#489335)\n\nUsers of nfs-utils should upgrade to this updated package, which contains\nbackported patches to correct these issues. After installing this update,\nthe nfs service will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1321",
"url": "https://access.redhat.com/errata/RHSA-2009:1321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "434795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=434795"
},
{
"category": "external",
"summary": "450646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=450646"
},
{
"category": "external",
"summary": "458676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
},
{
"category": "external",
"summary": "459591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459591"
},
{
"category": "external",
"summary": "463578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=463578"
},
{
"category": "external",
"summary": "465933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=465933"
},
{
"category": "external",
"summary": "474848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=474848"
},
{
"category": "external",
"summary": "489335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=489335"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1321.json"
}
],
"title": "Red Hat Security Advisory: nfs-utils security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T02:43:43+00:00",
"generator": {
"date": "2024-11-22T02:43:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2009:1321",
"initial_release_date": "2009-09-02T08:00:00+00:00",
"revision_history": [
{
"date": "2009-09-02T08:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-09-01T06:27:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:43:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nfs-utils-1:1.0.9-42.el5.src",
"product": {
"name": "nfs-utils-1:1.0.9-42.el5.src",
"product_id": "nfs-utils-1:1.0.9-42.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils@1.0.9-42.el5?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nfs-utils-1:1.0.9-42.el5.x86_64",
"product": {
"name": "nfs-utils-1:1.0.9-42.el5.x86_64",
"product_id": "nfs-utils-1:1.0.9-42.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils@1.0.9-42.el5?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"product": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"product_id": "nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils-debuginfo@1.0.9-42.el5?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nfs-utils-1:1.0.9-42.el5.i386",
"product": {
"name": "nfs-utils-1:1.0.9-42.el5.i386",
"product_id": "nfs-utils-1:1.0.9-42.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils@1.0.9-42.el5?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"product": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"product_id": "nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils-debuginfo@1.0.9-42.el5?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "nfs-utils-1:1.0.9-42.el5.ia64",
"product": {
"name": "nfs-utils-1:1.0.9-42.el5.ia64",
"product_id": "nfs-utils-1:1.0.9-42.el5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils@1.0.9-42.el5?arch=ia64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"product": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"product_id": "nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils-debuginfo@1.0.9-42.el5?arch=ia64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "nfs-utils-1:1.0.9-42.el5.ppc",
"product": {
"name": "nfs-utils-1:1.0.9-42.el5.ppc",
"product_id": "nfs-utils-1:1.0.9-42.el5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils@1.0.9-42.el5?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"product": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"product_id": "nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils-debuginfo@1.0.9-42.el5?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "nfs-utils-1:1.0.9-42.el5.s390x",
"product": {
"name": "nfs-utils-1:1.0.9-42.el5.s390x",
"product_id": "nfs-utils-1:1.0.9-42.el5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils@1.0.9-42.el5?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"product": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"product_id": "nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nfs-utils-debuginfo@1.0.9-42.el5?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-1:1.0.9-42.el5.i386"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-1:1.0.9-42.el5.ia64"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-1:1.0.9-42.el5.ppc"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-1:1.0.9-42.el5.s390x"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-1:1.0.9-42.el5.src"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-1:1.0.9-42.el5.x86_64"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.i386"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-1:1.0.9-42.el5.i386"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-1:1.0.9-42.el5.ia64"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-1:1.0.9-42.el5.ppc"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-1:1.0.9-42.el5.s390x"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-1:1.0.9-42.el5.src"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-1:1.0.9-42.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-1:1.0.9-42.el5.x86_64"
},
"product_reference": "nfs-utils-1:1.0.9-42.el5.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.i386"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64"
},
"product_reference": "nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-4552",
"discovery_date": "2008-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458676"
}
],
"notes": [
{
"category": "description",
"text": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nfs-utils: incorrect use of tcp_wrappers, causing hostname-based rules to be ignored",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client:nfs-utils-1:1.0.9-42.el5.i386",
"5Client:nfs-utils-1:1.0.9-42.el5.ia64",
"5Client:nfs-utils-1:1.0.9-42.el5.ppc",
"5Client:nfs-utils-1:1.0.9-42.el5.s390x",
"5Client:nfs-utils-1:1.0.9-42.el5.src",
"5Client:nfs-utils-1:1.0.9-42.el5.x86_64",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"5Server:nfs-utils-1:1.0.9-42.el5.i386",
"5Server:nfs-utils-1:1.0.9-42.el5.ia64",
"5Server:nfs-utils-1:1.0.9-42.el5.ppc",
"5Server:nfs-utils-1:1.0.9-42.el5.s390x",
"5Server:nfs-utils-1:1.0.9-42.el5.src",
"5Server:nfs-utils-1:1.0.9-42.el5.x86_64",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-4552"
},
{
"category": "external",
"summary": "RHBZ#458676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-4552",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-4552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4552"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-09-02T08:00:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client:nfs-utils-1:1.0.9-42.el5.i386",
"5Client:nfs-utils-1:1.0.9-42.el5.ia64",
"5Client:nfs-utils-1:1.0.9-42.el5.ppc",
"5Client:nfs-utils-1:1.0.9-42.el5.s390x",
"5Client:nfs-utils-1:1.0.9-42.el5.src",
"5Client:nfs-utils-1:1.0.9-42.el5.x86_64",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"5Server:nfs-utils-1:1.0.9-42.el5.i386",
"5Server:nfs-utils-1:1.0.9-42.el5.ia64",
"5Server:nfs-utils-1:1.0.9-42.el5.ppc",
"5Server:nfs-utils-1:1.0.9-42.el5.s390x",
"5Server:nfs-utils-1:1.0.9-42.el5.src",
"5Server:nfs-utils-1:1.0.9-42.el5.x86_64",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1321"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"5Client:nfs-utils-1:1.0.9-42.el5.i386",
"5Client:nfs-utils-1:1.0.9-42.el5.ia64",
"5Client:nfs-utils-1:1.0.9-42.el5.ppc",
"5Client:nfs-utils-1:1.0.9-42.el5.s390x",
"5Client:nfs-utils-1:1.0.9-42.el5.src",
"5Client:nfs-utils-1:1.0.9-42.el5.x86_64",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"5Client:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64",
"5Server:nfs-utils-1:1.0.9-42.el5.i386",
"5Server:nfs-utils-1:1.0.9-42.el5.ia64",
"5Server:nfs-utils-1:1.0.9-42.el5.ppc",
"5Server:nfs-utils-1:1.0.9-42.el5.s390x",
"5Server:nfs-utils-1:1.0.9-42.el5.src",
"5Server:nfs-utils-1:1.0.9-42.el5.x86_64",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.i386",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ia64",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.ppc",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.s390x",
"5Server:nfs-utils-debuginfo-1:1.0.9-42.el5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nfs-utils: incorrect use of tcp_wrappers, causing hostname-based rules to be ignored"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.