CVE-2008-4552

Description

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

References

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://secunia.com/advisories/32346

http://secunia.com/advisories/32481

http://secunia.com/advisories/33006

http://secunia.com/advisories/36538

http://secunia.com/advisories/38794

http://secunia.com/advisories/38833

http://wiki.rpath.com/Advisories:rPSA-2008-0307

http://www.mandriva.com/security/advisories?name=MDVSA-2009:060

http://www.openwall.com/lists/oss-security/2012/07/19/2

http://www.openwall.com/lists/oss-security/2012/07/19/5

http://www.redhat.com/support/errata/RHSA-2009-1321.html

http://www.securityfocus.com/archive/1/497935/100/0/threaded

http://www.securityfocus.com/bid/31823

http://www.ubuntu.com/usn/USN-687-1

http://www.vupen.com/english/advisories/2010/0528

https://bugzilla.redhat.com/show_bug.cgi?id=458676

https://exchange.xforce.ibmcloud.com/vulnerabilities/45895

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325

Details

Source: MITRE

Published: 2008-10-14

Updated: 2018-10-11

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89737 | VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check) | Nessus | VMware ESX Local Security Checks | high |
| 60656 | Scientific Linux Security Update : nfs-utils on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 44993 | VMSA-2010-0004 : ESX Service Console and vMA third-party updates | Nessus | VMware ESX Local Security Checks | high |
| 43784 | CentOS 5 : nfs-utils (CESA-2009:1321) | Nessus | CentOS Local Security Checks | high |
| 41564 | SuSE 10 Security Update : nfs-utils (ZYPP Patch Number 5713) | Nessus | SuSE Local Security Checks | high |
| 41250 | SuSE9 Security Update : nfs-utils (YOU Patch Number 12274) | Nessus | SuSE Local Security Checks | high |
| 40838 | RHEL 5 : nfs-utils (RHSA-2009:1321) | Nessus | Red Hat Local Security Checks | high |
| 37261 | Mandriva Linux Security Advisory : nfs-utils (MDVSA-2009:060) | Nessus | Mandriva Local Security Checks | high |
| 36927 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : nfs-utils vulnerability (USN-687-1) | Nessus | Ubuntu Local Security Checks | high |
| 35796 | GLSA-200903-06 : nfs-utils: Access restriction bypass | Nessus | Gentoo Local Security Checks | high |