Package: nfs-utils
Version: 1:1.1.2-6
Severity: serious
Tags: patch security pending
Owner: Steffen Joeris <[EMAIL PROTECTED]>

On Sun, Oct 19, 2008 at 11:57:28AM +1100, Steffen Joeris wrote:
>Hi
>
>I am currently looking at the new nfs-utils issue[0]. Red Hat has more
>information in their bugreport[1] including the patch. I am trying to
>figure out the severity of this issue. Now, I am not using nfs in any
>complex environment, so I am not sure. From what I can read in the
>bugreport, it only means that the netgroup privileges are ignored, thus
>additional privileges you should have are missing. Therefore, it
>doesn't sound too severe, but I am probably missing something. What's
>your opinion on the issue?
>
>(BTW it's fixed in unstable, but apparently not in lenny or etch).
>
>Cheers
>Steffen
>
>[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552
>[1]: https://bugzilla.redhat.com/show_bug.cgi?id=458676

--- support/misc/tcpwrapper.c 2008-03-15 02:46:29.000000000 +1100 +++ support/misc/tcpwrapper.c 2008-10-19 13:58:12.000000000 +1100 @@ -125,12 +125,12 @@ struct sockaddr_in *addr; return 0; /* Check the official name first. */ - if (hosts_ctl(daemon, "", hp->h_name, "")) + if (hosts_ctl(daemon, hp->h_name, "", "")) return 1; /* Check aliases. */ for (sp = hp->h_aliases; *sp ; sp++) { - if (hosts_ctl(daemon, "", *sp, "")) + if (hosts_ctl(daemon, *sp, "", "")) return 1; }
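
Review bot: In both changed calls (the official-name check and the alias loop) the remaining arguments are still bare "" literals, so nothing at the call site says which slot is the client name and which is the client address, and that positional mix-up is what the removed lines got wrong. hosts_ctl() takes (daemon, client_name, client_addr, client_user), and libwrap's tcpd.h provides STRING_UNKNOWN for fields the caller does not supply; consider writing the calls as hosts_ctl(daemon, hp->h_name, STRING_UNKNOWN, STRING_UNKNOWN) and hosts_ctl(daemon, *sp, STRING_UNKNOWN, STRING_UNKNOWN), or at least adding a one-line comment above the first call that names the parameter order. Because the old code compiled cleanly and failed silently, a test that exercises a hostname-based access rule against this function would be worth adding alongside the fix.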