Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 440114 - (CVE-2008-1376) CVE-2008-1376 nfs-utils: missing tcp_wrappers support
CVE-2008-1376 nfs-utils: missing tcp_wrappers support
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 440119 440120 467312
  Show dependency treegraph
Reported: 2008-04-01 15:05 EDT by Josh Bressers
Modified: 2010-12-23 11:47 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-12-23 11:47:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0486 normal SHIPPED_LIVE Moderate: nfs-utils security update 2008-07-31 11:46:33 EDT
Red Hat Product Errata RHSA-2009:0955 normal SHIPPED_LIVE Moderate: nfs-utils security and bug fix update 2009-05-18 09:24:03 EDT

  None (edit)
Description Josh Bressers 2008-04-01 15:05:57 EDT
nfs-utils as built in Red Hat Enterprise Linux 5 is not built with TCP wrappers

This means that anyone trying to protect their NFS service via TCP wrappers will
not be protected as they would expect.

Our documentation specifies that TCP wrappers should work:
Comment 7 Josh Bressers 2008-07-31 11:04:35 EDT
Lifting embargo
Comment 8 Michele Marcionelli 2008-08-05 03:21:41 EDT
It seems that netgroups are not working; if I put in my hosts.allow file

mountd: hostname
- or -
mountd: ip-address

then I can mount, but if I have a netgroup, I can't... for instance

mountd: @selected_hosts

Can you confirm this behaviour?
Comment 9 Josh Bressers 2008-08-06 07:47:29 EDT
Please note that this bug should only be used for comments regarding the security flaw.  If you believe you are having other problems, please open a new bug.
Comment 10 Michele Marcionelli 2008-08-07 04:27:15 EDT
But I think that my comment #8 is a security problem, since netgroups with mountd are not working.

By the way: I found a quite old (2005) bugzilla report for the same problem (but for RHEL 4) -> https://bugzilla.redhat.com/show_bug.cgi?id=168383
Comment 12 Josh Bressers 2008-08-11 10:58:08 EDT
I've opened bug 458676 to track the broken netgroup bug.
Comment 13 Steve Dickson 2008-12-02 07:00:03 EST

*** This bug has been marked as a duplicate of bug 440120 ***
Comment 14 Tomas Hoger 2009-04-08 09:54:53 EDT
Similar problem was introduced on Red Hat Enterprise Linux 4 in 4.7 nfs-utils-1.0.6-87.EL4.  This is planned to be addressed in the upcoming 4.8 errata.

nfs-utils packages in Red Hat Enterprise Linux 2.1 and 3 were never built with tcp_wrappers support and there's no plan to introduce tcp_wrappers support in those versions, as Red Hat Enterprise Linux 2.1 and 3 are now in the Production 3 Life Cycle Phase:
Comment 17 errata-xmlrpc 2009-05-18 16:06:20 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:0955 https://rhn.redhat.com/errata/RHSA-2009-0955.html
Comment 18 Vincent Danen 2010-12-23 11:47:18 EST
This was also addressed via:

Red Hat Enterprise Linux version 5 (RHSA-2008:0486)

Note You need to log in before you can comment on or make changes to this bug.