Bug 440114 - (CVE-2008-1376) CVE-2008-1376 nfs-utils: missing tcp_wrappers support
CVE-2008-1376 nfs-utils: missing tcp_wrappers support
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,source=redhat,reporte...
: Security
Depends On: 440119 440120 467312
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-01 15:05 EDT by Josh Bressers
Modified: 2010-12-23 11:47 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-23 11:47:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2008-04-01 15:05:57 EDT
nfs-utils as built in Red Hat Enterprise Linux 5 is not built with TCP wrappers
support.

This means that anyone trying to protect their NFS service via TCP wrappers will
not be protected as they would expect.

Our documentation specifies that TCP wrappers should work:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-nfs-how.html
Comment 7 Josh Bressers 2008-07-31 11:04:35 EDT
Lifting embargo
Comment 8 Michele Marcionelli 2008-08-05 03:21:41 EDT
It seems that netgroups are not working; if I put in my hosts.allow file

mountd: hostname
- or -
mountd: ip-address

then I can mount, but if I have a netgroup, I can't... for instance

mountd: @selected_hosts

Can you confirm this behaviour?
Thx!!
Comment 9 Josh Bressers 2008-08-06 07:47:29 EDT
Please note that this bug should only be used for comments regarding the security flaw.  If you believe you are having other problems, please open a new bug.
Comment 10 Michele Marcionelli 2008-08-07 04:27:15 EDT
But I think that my comment #8 is a security problem, since netgroups with mountd are not working.

By the way: I found a quite old (2005) bugzilla report for the same problem (but for RHEL 4) -> https://bugzilla.redhat.com/show_bug.cgi?id=168383
Comment 12 Josh Bressers 2008-08-11 10:58:08 EDT
I've opened bug 458676 to track the broken netgroup bug.
Comment 13 Steve Dickson 2008-12-02 07:00:03 EST

*** This bug has been marked as a duplicate of bug 440120 ***
Comment 14 Tomas Hoger 2009-04-08 09:54:53 EDT
Similar problem was introduced on Red Hat Enterprise Linux 4 in 4.7 nfs-utils-1.0.6-87.EL4.  This is planned to be addressed in the upcoming 4.8 errata.

nfs-utils packages in Red Hat Enterprise Linux 2.1 and 3 were never built with tcp_wrappers support and there's no plan to introduce tcp_wrappers support in those versions, as Red Hat Enterprise Linux 2.1 and 3 are now in the Production 3 Life Cycle Phase:
  http://www.redhat.com/security/updates/errata/
Comment 17 errata-xmlrpc 2009-05-18 16:06:20 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:0955 https://rhn.redhat.com/errata/RHSA-2009-0955.html
Comment 18 Vincent Danen 2010-12-23 11:47:18 EST
This was also addressed via:

Red Hat Enterprise Linux version 5 (RHSA-2008:0486)

Note You need to log in before you can comment on or make changes to this bug.