'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
BID:30466
Info
'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
| Bugtraq ID: | 30466 |
| Class: | Access Validation Error |
| CVE: |
CVE-2008-1376 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2008 12:00AM |
| Updated: | Jun 19 2009 08:50PM |
| Credit: | Josh Bressers from Red Hat Security Response |
| Vulnerable: |
Redhat nfs-utils 1.0.9-35z.el5_2 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Avaya Proactive Contact 4.1 Avaya Proactive Contact 4.0 Avaya Message Networking 3.1 Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya Intuity AUDIX LX 2.0 SP2 Avaya Intuity AUDIX LX 2.0 SP1 Avaya Intuity AUDIX LX 2.0 |
| Not Vulnerable: | |
Discussion
'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
The 'nfs-utils' package is prone to a security-bypass vulnerability because it was not properly built with TCP Wrappers support.
Remote attackers can exploit this issue to bypass certain security restrictions and gain access to NFS services on vulnerable computers.
This issue occurs in the 'nfs-utils' package built with Red Hat Enterprise Linux 5.
The 'nfs-utils' package is prone to a security-bypass vulnerability because it was not properly built with TCP Wrappers support.
Remote attackers can exploit this issue to bypass certain security restrictions and gain access to NFS services on vulnerable computers.
This issue occurs in the 'nfs-utils' package built with Red Hat Enterprise Linux 5.
Exploit / POC
'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
Solution:
The vendor has released an advisory and updates. Please see the references for more information.
Solution:
The vendor has released an advisory and updates. Please see the references for more information.
References
'nfs-utils' Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass Vulnerability
References:
References:
- Bugzilla Bug 440114: CVE-2008-1376 RHEL5 nfs-utils is missing tcp_wrappers suppo (Red Hat)
- nfs-utils Project Page (nfs-utils)
- ASA-2009-225 nfs-utils security and bug fix update (RHSA-2009-0955) (Avaya)
- RHSA-2008:0486-4 Moderate: nfs-utils security update (Red Hat)
- RHSA-2009:0955-2 nfs-utils security and bug fix update (Red Hat)