Executive Summary
Summary | |
---|---|
Title | nfs-utils security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0486 | First vendor Publication | 2008-07-31 |
Vendor | RedHat | Last vendor Modification | 2008-07-31 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated nfs-utils package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: The nfs-utils package provides a daemon for the kernel NFS server and related tools. A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2008-1376) Users of nfs-utils are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 440114 - CVE-2008-1376 RHEL5 nfs-utils is missing tcp_wrappers support |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0486.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10638 | |||
Oval ID: | oval:org.mitre.oval:def:10638 | ||
Title: | A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | ||
Description: | A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1376 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21837 | |||
Oval ID: | oval:org.mitre.oval:def:21837 | ||
Title: | ELSA-2008:0486: nfs-utils security update (Moderate) | ||
Description: | A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0486-01 CVE-2008-1376 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | nfs-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28887 | |||
Oval ID: | oval:org.mitre.oval:def:28887 | ||
Title: | RHSA-2008:0486 -- nfs-utils security update (Moderate) | ||
Description: | An updated nfs-utils package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The nfs-utils package provides a daemon for the kernel NFS server and related tools. A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2008-1376) Users of nfs-utils are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0486 CESA-2008:0486-CentOS 5 CVE-2008-1376 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | nfs-utils |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:0955 File : nvt/RHSA_2009_0955.nasl |
2009-03-06 | Name : RedHat Update for nfs-utils RHSA-2008:0486-01 File : nvt/gb_RHSA-2008_0486-01_nfs-utils.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47503 | nfs-utils for Red Hat Enterprise Linux TCP Wrapper Support Weakness Remote Se... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0486.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0955.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080731_nfs_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0486.nasl - Type : ACT_GATHER_INFO |
2009-05-19 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0955.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0486.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:40 |
|