Executive Summary

Summary
Title nfs-utils security update
Informations
Name RHSA-2008:0486 First vendor Publication 2008-07-31
Vendor RedHat Last vendor Modification 2008-07-31
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated nfs-utils package that fixes a security issue is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

The nfs-utils package provides a daemon for the kernel NFS server and related tools.

A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2008-1376)

Users of nfs-utils are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

440114 - CVE-2008-1376 RHEL5 nfs-utils is missing tcp_wrappers support

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2008-0486.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10638
 
Oval ID: oval:org.mitre.oval:def:10638
Title: A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
Description: A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1376
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21837
 
Oval ID: oval:org.mitre.oval:def:21837
Title: ELSA-2008:0486: nfs-utils security update (Moderate)
Description: A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
Family: unix Class: patch
Reference(s): ELSA-2008:0486-01
CVE-2008-1376
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): nfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28887
 
Oval ID: oval:org.mitre.oval:def:28887
Title: RHSA-2008:0486 -- nfs-utils security update (Moderate)
Description: An updated nfs-utils package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The nfs-utils package provides a daemon for the kernel NFS server and related tools. A flaw was found in the nfs-utils package build. The nfs-utils package was missing TCP wrappers support, which could result in an administrator believing they had access restrictions enabled when they did not. (CVE-2008-1376) Users of nfs-utils are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
Family: unix Class: patch
Reference(s): RHSA-2008:0486
CESA-2008:0486-CentOS 5
CVE-2008-1376
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): nfs-utils
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2009-05-20 Name : RedHat Security Advisory RHSA-2009:0955
File : nvt/RHSA_2009_0955.nasl
2009-03-06 Name : RedHat Update for nfs-utils RHSA-2008:0486-01
File : nvt/gb_RHSA-2008_0486-01_nfs-utils.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
47503 nfs-utils for Red Hat Enterprise Linux TCP Wrapper Support Weakness Remote Se...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0486.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0955.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080731_nfs_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0486.nasl - Type : ACT_GATHER_INFO
2009-05-19 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0955.nasl - Type : ACT_GATHER_INFO
2008-08-01 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0486.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:51:40
  • Multiple Updates