Bug#508419: marked as done ([nfs-utils] [CVE-2008-4552] TCP wrappers vulnerability)

Debian Bug Tracking System Mon, 02 Mar 2009 22:47:04 -0800

Your message dated Tue, 3 Mar 2009 17:39:19 +1100
with message-id <20090303063919.gp19...@debianrules.debiancolombia.org>
and subject line Re: Bug#508419: is this a duplicate of a closed one?
has caused the Debian Bug report #508419,
regarding [nfs-utils] [CVE-2008-4552] TCP wrappers vulnerability
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
508419: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508419
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: nfs-kernel-server
Version: 1:1.0.10-6+etch.1
Severity: grave
Tags: security

Quoting from CVE-2008-4552:

»nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the 
hosts_ctl function with the wrong order of arguments, which causes TCP 
Wrappers to ignore netgroups and allows remote attackers to bypass intended 
access restrictions.«

(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552)

This has already been fixed in Ubuntu:
http://www.ubuntu.com/usn/USN-687-1

--- End Message ---

--- Begin Message ---

Version: 1:1.1.2-6lenny1

On Sun, Feb 22, 2009 at 04:07:08PM -0500, Yaroslav Halchenko wrote:
>I wonder if this bug is actually a duplicate of 
>
>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502680
>
>which was closed long ago...hence this one should be killed,

Indeed. Closing accordingly. Thank you.

>or otherwise some people might see evil
>
>grave bugs of nfs-kernel-server (1:1.0.10-6+etch.1 -> 1:1.1.2-6lenny1) 
><pending>
> #508419 - [nfs-utils] [CVE-2008-4552] TCP wrappers vulnerability
>
>during etch -> lenny upgrade
>-- 
>Yaroslav Halchenko
>Research Assistant, Psychology Department, Rutgers-Newark
>Student  Ph.D. @ CS Dept. NJIT
>Office: (973) 353-1412 | FWD: 82823 | Fax: (973) 353-1171
>        101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
>WWW:     http://www.linkedin.com/in/yarik

signature.asc
Description: Digital signature

--- End Message ---

Bug#508419: marked as done ([nfs-utils] [CVE-2008-4552] TCP wrappers vulnerability)

Reply via email to