This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was discovered that nfs-utils did not use tcp_wrappers correctly.
Certain hosts access rules defined in '/etc/hosts.allow' and
'/etc/hosts.deny' may not have been honored, possibly allowing remote
attackers to bypass intended access restrictions. (CVE-2008-4552)
This updated package also fixes the following bugs :
- the 'LOCKD_TCPPORT' and 'LOCKD_UDPPORT' options in
'/etc/sysconfig/nfs' were not honored: the lockd daemon
continued to use random ports. With this update, these
options are honored. (BZ#434795)
- it was not possible to mount NFS file systems from a
system that has the '/etc/' directory mounted on a
read-only file system (this could occur on systems with
an NFS-mounted root file system). With this update, it
is possible to mount NFS file systems from a system that
has '/etc/' mounted on a read-only file system.
- arguments specified by 'STATDARG=' in
'/etc/sysconfig/nfs' were removed by the nfslock init
script, meaning the arguments specified were never
passed to rpc.statd. With this update, the nfslock init
script no longer removes these arguments. (BZ#459591)
- when mounting an NFS file system from a host not
specified in the NFS server's '/etc/exports' file, a
misleading 'unknown host' error was logged on the server
(the hostname lookup did not fail). With this update, a
clearer error message is provided for these situations.
- the nhfsstone benchmark utility did not work with NFS
version 3 and 4. This update adds support to nhfsstone
for NFS version 3 and 4. The new nhfsstone '-2', '-3',
and '-4' options are used to select an NFS version
(similar to nfsstat(8)). (BZ#465933)
- the exportfs(8) manual page contained a spelling
mistake, 'djando', in the EXAMPLES section. (BZ#474848)
- in some situations the NFS server incorrectly refused
mounts to hosts that had a host alias in a NIS netgroup.
- in some situations the NFS client used its cache, rather
than using the latest version of a file or directory
from a given export. This update adds a new mount
option, 'lookupcache=', which allows the NFS client to
control how it caches files and directories. Note: The
Scientific Linux 2.6.18-164 or later kernel update must
be installed in order to use the 'lookupcache=' option.
Also, 'lookupcache=' is currently only available for NFS
version 3. Support for NFS version 4 may be introduced
in future Scientific Linux 5 updates. (BZ#489335)
After installing this update, the nfs service will be restarted
Note: This update is already in SL 5.4
See also :
Update the affected nfs-utils, nfs-utils-lib and / or
Risk factor :
High / CVSS Base Score : 7.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60656
CVE ID: CVE-2008-4552