Bug 440114 (CVE-2008-1376) - CVE-2008-1376 nfs-utils: missing tcp_wrappers support
Summary: CVE-2008-1376 nfs-utils: missing tcp_wrappers support
Alias: CVE-2008-1376
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=moderate,source=redhat,reporte...
Keywords: Security
Depends On: 440119 440120 467312
TreeView+ depends on / blocked
Reported: 2008-04-01 19:05 UTC by Josh Bressers
Modified: 2010-12-23 16:47 UTC (History)
9 users (show)

Clone Of:
Last Closed: 2010-12-23 16:47:18 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0486 normal SHIPPED_LIVE Moderate: nfs-utils security update 2008-07-31 15:46:33 UTC
Red Hat Product Errata RHSA-2009:0955 normal SHIPPED_LIVE Moderate: nfs-utils security and bug fix update 2009-05-18 13:24:03 UTC

Description Josh Bressers 2008-04-01 19:05:57 UTC
nfs-utils as built in Red Hat Enterprise Linux 5 is not built with TCP wrappers

This means that anyone trying to protect their NFS service via TCP wrappers will
not be protected as they would expect.

Our documentation specifies that TCP wrappers should work:

Comment 7 Josh Bressers 2008-07-31 15:04:35 UTC
Lifting embargo

Comment 8 Michele Marcionelli 2008-08-05 07:21:41 UTC
It seems that netgroups are not working; if I put in my hosts.allow file

mountd: hostname
- or -
mountd: ip-address

then I can mount, but if I have a netgroup, I can't... for instance

mountd: @selected_hosts

Can you confirm this behaviour?

Comment 9 Josh Bressers 2008-08-06 11:47:29 UTC
Please note that this bug should only be used for comments regarding the security flaw.  If you believe you are having other problems, please open a new bug.

Comment 10 Michele Marcionelli 2008-08-07 08:27:15 UTC
But I think that my comment #8 is a security problem, since netgroups with mountd are not working.

By the way: I found a quite old (2005) bugzilla report for the same problem (but for RHEL 4) -> https://bugzilla.redhat.com/show_bug.cgi?id=168383

Comment 12 Josh Bressers 2008-08-11 14:58:08 UTC
I've opened bug 458676 to track the broken netgroup bug.

Comment 13 Steve Dickson 2008-12-02 12:00:03 UTC

*** This bug has been marked as a duplicate of bug 440120 ***

Comment 14 Tomas Hoger 2009-04-08 13:54:53 UTC
Similar problem was introduced on Red Hat Enterprise Linux 4 in 4.7 nfs-utils-1.0.6-87.EL4.  This is planned to be addressed in the upcoming 4.8 errata.

nfs-utils packages in Red Hat Enterprise Linux 2.1 and 3 were never built with tcp_wrappers support and there's no plan to introduce tcp_wrappers support in those versions, as Red Hat Enterprise Linux 2.1 and 3 are now in the Production 3 Life Cycle Phase:

Comment 17 errata-xmlrpc 2009-05-18 20:06:20 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:0955 https://rhn.redhat.com/errata/RHSA-2009-0955.html

Comment 18 Vincent Danen 2010-12-23 16:47:18 UTC
This was also addressed via:

Red Hat Enterprise Linux version 5 (RHSA-2008:0486)

Note You need to log in before you can comment on or make changes to this bug.