CVE-2008-4552 — Nfs-utils vulnerability

CWE-2649 documents8 sources

Severity

7.5HIGHNVD

EPSS

1.4%

top 19.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NFS Nfs-utils

Timeline

PublishedOct 14

Latest updateMay 2

Description

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDnfs/nfs-utils1.1.2+18

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-jg64-hjmp-ccvg: The good_client function in nfs-utils 1↗2022-05-02

▶

CVEList

CVE-2008-4552: The good_client function in nfs-utils 1↗2008-10-14

▶

OSV

CVE-2008-4552: The good_client function in nfs-utils 1↗2008-10-14

▶

📋Vendor Advisories

Ubuntu

nfs-utils vulnerability↗2008-12-04

▶

Red Hat

nfs-utils: incorrect use of tcp_wrappers, causing hostname-based rules to be ignored↗2008-08-05

▶

Debian

CVE-2008-4552: nfs-utils - The good_client function in nfs-utils 1.0.9, and possibly other versions before ...↗2008

▶

💬Community

Bugzilla

portmap: incorrect use of tcp_wrappers↗2010-02-19

▶

Bugzilla

CVE-2012-3417 quota: incorrect use of tcp_wrappers↗2010-02-19

▶