CVE-2008-4552
published 2008-10-14CVE-2008-4552: The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.30%
81.1th percentile
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nfs-utils | < nfs-utils 1:1.1.3-1 (bookworm) | nfs-utils 1:1.1.3-1 (bookworm) |
| nfs | nfs-utils | <= 1.1.2 | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | — | — |
| nfs | nfs-utils | >= 0 < 1:1.1.3-1 | 1:1.1.3-1 |
| nfs | nfs-utils | >= 0 < 1:1.1.3-1 | 1:1.1.3-1 |
| nfs | nfs-utils | >= 0 < 1:1.1.3-1 | 1:1.1.3-1 |
| nfs | nfs-utils | >= 0 < 1:1.1.3-1 | 1:1.1.3-1 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
nfs-utils vulnerability
vendor_ubuntu·2008-12-04
CVE-2008-4552 nfs-utils vulnerability
Title: nfs-utils vulnerability
Summary: nfs-utils vulnerability
It was discovered that nfs-utils did not properly enforce netgroup
restrictions when using TCP Wrappers. Remote attackers could bypass the
netgroup restrictions enabled by the administrator and possibly gain
access to sensitive information.
Instructions: After a standard system upgrade you need to restart nfs services to effect
the necessary changes.
Red Hat
nfs-utils: incorrect use of tcp_wrappers, causing hostname-based rules to be ignored
vendor_redhat·2008-08-05·CVSS 7.5
CVE-2008-4552 [HIGH] nfs-utils: incorrect use of tcp_wrappers, causing hostname-based rules to be ignored
nfs-utils: incorrect use of tcp_wrappers, causing hostname-based rules to be ignored
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
Debian
CVE-2008-4552: nfs-utils - The good_client function in nfs-utils 1.0.9, and possibly other versions before ...
vendor_debian·2008·CVSS 7.5
CVE-2008-4552 [HIGH] CVE-2008-4552: nfs-utils - The good_client function in nfs-utils 1.0.9, and possibly other versions before ...
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
Scope: local
bookworm: resolved (fixed in 1:1.1.3-1)
bullseye: resolved (fixed in 1:1.1.3-1)
forky: resolved (fixed in 1:1.1.3-1)
sid: resolved (fixed in 1:1.1.3-1)
trixie: resolved (fixed in 1:1.1.3-1)
GHSA
GHSA-jg64-hjmp-ccvg: The good_client function in nfs-utils 1
ghsa_unreviewed·2022-05-02
CVE-2008-4552 [HIGH] GHSA-jg64-hjmp-ccvg: The good_client function in nfs-utils 1
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
OSV
CVE-2008-4552: The good_client function in nfs-utils 1
osv·2008-10-14·CVSS 7.5
CVE-2008-4552 [HIGH] CVE-2008-4552: The good_client function in nfs-utils 1
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
No detection rules found.
No public exploits indexed.
Bugzilla
portmap: incorrect use of tcp_wrappers
bugzilla·2010-02-19·CVSS 7.5
CVE-2008-4552 [HIGH] portmap: incorrect use of tcp_wrappers
portmap: incorrect use of tcp_wrappers
good_client() function is portmap, which uses tcp_wrapper, is affected by the flaws previously described for the same function in nfs-utils:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4552#c8
With certain hosts.{allow,deny} rules, expected host access control restrictions may not be applied correctly. The problem does not affect configurations that has deny:ALL and only allow access for specific hosts / networks.
Additionally, portmap in Red Hat Enterprise Linux 3, 4 and 5 statically links libwrap.
Discussion:
In addition to problems described by Tomas Hoger above, as well as problems outlined in CVE-2008-4552, in some configurations the faulty code in good_client() has yet another effect that may cause portmap to become unresponsive.
Bugzilla
CVE-2012-3417 quota: incorrect use of tcp_wrappers
bugzilla·2010-02-19·CVSS 7.5
CVE-2012-3417 [HIGH] CVE-2012-3417 quota: incorrect use of tcp_wrappers
CVE-2012-3417 quota: incorrect use of tcp_wrappers
quota's good_client() (quota-tools/rquota_svc.c) seems to be based on good_client() used by nfs-utils and portmap and is affected by similar problems as described here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4552#c8
With certain hosts.{allow,deny} rules, expected host access control restrictions may not be applied correctly. The problem does not affect configurations that has deny:ALL and only allow access for specific hosts / networks.
The issue was reported and fixed upstream:
http://sourceforge.net/tracker/?func=detail&aid=2743481&group_id=18136&atid=118136
http://linuxquota.cvs.sourceforge.net/viewvc/linuxquota/quota-tools/rquota_svc.c#rev1.21
Discussion:
Added CVE as per http://www.openwall.com/lists/oss-security/2
Bugzilla
Portmap reads /etc/hosts.{allow,deny} directly instead of using tcp_wrappers
bugzilla·2008-10-03
[MEDIUM] Portmap reads /etc/hosts.{allow,deny} directly instead of using tcp_wrappers
Portmap reads /etc/hosts.{allow,deny} directly instead of using tcp_wrappers
Description of problem:
When I disable some clinet using /etc/hosts.deny and clients IP, portmap still responds. When I use 'ALL' (and not client's IP), client stops responding.
Version-Release number of selected component (if applicable):
Server (RHEL-5.2, 192.168.122.245):
glibc-common-2.5-24.i386
portmap-4.0-65.2.2.1.i386
tcp_wrappers-7.6-40.4.el5.i386
ClientA (F8 mostly GOLD, 192.168.122.97):
rpcbind-0.1.4-11.fc8
ClientB (F9 updated, 192.168.122.1)
rpcbind-0.1.4-16.fc9.x86_64
How reproducible:
always (with steps below)
Steps to Reproduce:
1. Server runs portmap
Server# service portmap status
portmap (pid 20540) is running...
2. Server# cat /etc/hosts.allow
#
# hosts.allow This file describes the names o
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttp://secunia.com/advisories/32346http://secunia.com/advisories/32481http://secunia.com/advisories/33006http://secunia.com/advisories/36538http://secunia.com/advisories/38794http://secunia.com/advisories/38833http://wiki.rpath.com/Advisories:rPSA-2008-0307http://www.mandriva.com/security/advisories?name=MDVSA-2009:060http://www.openwall.com/lists/oss-security/2012/07/19/2http://www.openwall.com/lists/oss-security/2012/07/19/5http://www.redhat.com/support/errata/RHSA-2009-1321.htmlhttp://www.securityfocus.com/archive/1/497935/100/0/threadedhttp://www.securityfocus.com/bid/31823http://www.ubuntu.com/usn/USN-687-1http://www.vupen.com/english/advisories/2010/0528https://bugzilla.redhat.com/show_bug.cgi?id=458676https://exchange.xforce.ibmcloud.com/vulnerabilities/45895https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttp://secunia.com/advisories/32346http://secunia.com/advisories/32481http://secunia.com/advisories/33006http://secunia.com/advisories/36538http://secunia.com/advisories/38794http://secunia.com/advisories/38833http://wiki.rpath.com/Advisories:rPSA-2008-0307http://www.mandriva.com/security/advisories?name=MDVSA-2009:060http://www.openwall.com/lists/oss-security/2012/07/19/2http://www.openwall.com/lists/oss-security/2012/07/19/5http://www.redhat.com/support/errata/RHSA-2009-1321.htmlhttp://www.securityfocus.com/archive/1/497935/100/0/threadedhttp://www.securityfocus.com/bid/31823http://www.ubuntu.com/usn/USN-687-1http://www.vupen.com/english/advisories/2010/0528https://bugzilla.redhat.com/show_bug.cgi?id=458676https://exchange.xforce.ibmcloud.com/vulnerabilities/45895https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325
2008-10-14
Published