Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: nfs-utils, bypassing netgroup

October 2008 by Vigil@nce


When the administrator uses netgroups in TCP Wrappers files, they
are ignored by nfs-utils.

Gravity: 2/4

Consequences: data flow

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 20/10/2008


 Unix - plateform


TCP Wrappers can be used to filter access to services thanks to
the /etc/hosts.deny and the /etc/hosts.allow configuration files.

The nfs-utils package implements a NFS server. The access to NFS
shared files is managed by TCP Wrappers.

The good_client() function of the nfs-utils/support/misc/tcpwrapper.c
file does not correctly call the hosts_ctl() function. TCP
Wrappers netgroups are thus ignored.

An attacker can therefore bypass restrictions, when the
administrator uses netgroups in TCP Wrappers files.


Identifiers: 458676, BID-31823, CVE-2008-4552, VIGILANCE-VUL-8185

See previous articles


See next articles