oss-sec mailing list archives

Re: CVE Request (nfs-utils)

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 14 Oct 2008 14:47:51 -0400 (EDT)



======================================================
Name: CVE-2008-4552
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=458676

nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the
host_ctl function with the wrong order of arguments, which causes TCP
Wrappers to ignore netgroups and allows remote attackers to bypass
intended access restrictions.

Current thread:

CVE Request (nfs-utils) Josh Bressers (Oct 13)
- Re: CVE Request (nfs-utils) Steven M. Christey (Oct 14)