[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-4552Date: (C)2008-10-14   (M)2023-12-22


The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/497935/100/0/threaded
BID-31823
SECUNIA-32346
SECUNIA-32481
SECUNIA-33006
SECUNIA-36538
SECUNIA-38794
SECUNIA-38833
ADV-2010-0528
MDVSA-2009:060
RHSA-2009:1321
USN-687-1
http://www.openwall.com/lists/oss-security/2012/07/19/2
http://www.openwall.com/lists/oss-security/2012/07/19/5
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://wiki.rpath.com/Advisories:rPSA-2008-0307
https://bugzilla.redhat.com/show_bug.cgi?id=458676
nfsutils-hostctl-security-bypass(45895)
oval:org.mitre.oval:def:11544
oval:org.mitre.oval:def:8325

CWE    1
CWE-264
OVAL    4
oval:org.secpod.oval:def:500671
oval:org.secpod.oval:def:300480
oval:org.secpod.oval:def:202173
oval:org.secpod.oval:def:202083
...

© SecPod Technologies