
nfs-utils: Access restriction bypass

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200903-06 / nfs-utils
Release Date: March 07, 2009
Latest Revision: March 07, 2009: 01
Impact: normal
Exploitable: remote

Package            Vulnerable versions  Unaffected versions  Architecture(s)
net-fs/nfs-utils   < 1.1.3              >= 1.1.3             All supported architectures

Related bugreports: #242696

Synopsis

An error in nfs-utils allows for bypass of the netgroups restriction.

2.  Impact Information

Background

nfs-utils contains the client and daemon implementations for the NFS protocol.

Description

Michele Marcionelli reported that nfs-utils invokes the hosts_ctl() function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups.
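
The following C model is an added illustration, not code from nfs-utils or TCP Wrappers. It keeps the parameter order of libwrap's hosts_ctl(daemon, client_name, client_addr, client_user) and shows how a netgroup rule stops matching when the host name is passed in the wrong slot. Assumptions: the advisory does not say which arguments were misordered, so the model puts the name in the address slot; toy_hosts_ctl, the "blocked" netgroup, the single deny rule, and the host names and address are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed data: members of a hypothetical netgroup named "blocked". */
static const char *blocked_hosts[] = { "lab1.example.org", "lab2.example.org" };

static int in_blocked_netgroup(const char *host) {
    for (size_t i = 0; i < sizeof blocked_hosts / sizeof *blocked_hosts; i++)
        if (strcmp(host, blocked_hosts[i]) == 0)
            return 1;
    return 0;
}

/* Toy stand-in (hypothetical) with the same parameter order as libwrap's
 * hosts_ctl(daemon, client_name, client_addr, client_user).
 * It models one deny rule, "mountd: @blocked". Assumption of the model:
 * netgroup patterns are compared with the client *name* only, never with
 * the address string. Returns 1 to allow, 0 to deny. */
static int toy_hosts_ctl(const char *daemon, const char *client_name,
                         const char *client_addr, const char *client_user) {
    (void)client_addr; (void)client_user;
    if (strcmp(daemon, "mountd") == 0 && in_blocked_netgroup(client_name))
        return 0;
    return 1; /* no rule matched: access is granted by default */
}

/* Misordered call: name slot left empty, host name passed as the address. */
int check_misordered(const char *name, const char *addr) {
    (void)addr;
    return toy_hosts_ctl("mountd", "", name, "");
}

/* Correct call: each value goes in the slot the signature names. */
int check_correct(const char *name, const char *addr) {
    return toy_hosts_ctl("mountd", name, addr, "");
}

int main(void) {
    printf("misordered: %d\n", check_misordered("lab1.example.org", "192.0.2.10"));
    printf("correct:    %d\n", check_correct("lab1.example.org", "192.0.2.10"));
    return 0;
}
```

With the misordered call the netgroup rule is never evaluated against the host name, so a host that the rule should deny is allowed.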

Impact

A remote attacker could bypass intended access restrictions, i.e. NFS netgroups, and gain access to restricted services.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All nfs-utils users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.1.3"

4.  References




Page updated March 07, 2009

Summary: This is a Gentoo Linux Security Advisory


Copyright 2001-2013 Gentoo Foundation, Inc.