Red Hat Bugzilla – Bug 440114
CVE-2008-1376 nfs-utils: missing tcp_wrappers support
Last modified: 2010-12-23 11:47:18 EST
nfs-utils as built in Red Hat Enterprise Linux 5 is not built with TCP wrappers
This means that anyone trying to protect their NFS service via TCP wrappers will
not be protected as they would expect.
Our documentation specifies that TCP wrappers should work:
It seems that netgroups are not working; if I put in my hosts.allow file
- or -
then I can mount, but if I have a netgroup, I can't... for instance
Can you confirm this behaviour?
Please note that this bug should only be used for comments regarding the security flaw. If you believe you are having other problems, please open a new bug.
But I think that my comment #8 is a security problem, since netgroups with mountd are not working.
By the way: I found a quite old (2005) bugzilla report for the same problem (but for RHEL 4) -> https://bugzilla.redhat.com/show_bug.cgi?id=168383
I've opened bug 458676 to track the broken netgroup bug.
*** This bug has been marked as a duplicate of bug 440120 ***
Similar problem was introduced on Red Hat Enterprise Linux 4 in 4.7 nfs-utils-1.0.6-87.EL4. This is planned to be addressed in the upcoming 4.8 errata.
nfs-utils packages in Red Hat Enterprise Linux 2.1 and 3 were never built with tcp_wrappers support and there's no plan to introduce tcp_wrappers support in those versions, as Red Hat Enterprise Linux 2.1 and 3 are now in the Production 3 Life Cycle Phase:
This issue has been addressed in following products:
Red Hat Enterprise Linux 4
Via RHSA-2009:0955 https://rhn.redhat.com/errata/RHSA-2009-0955.html
This was also addressed via:
Red Hat Enterprise Linux version 5 (RHSA-2008:0486)