Vigil@nce: nfs-utils, bypassing netgroup
October 2008 by Vigil@nce
When the administrator uses netgroups in TCP Wrappers files, they
are ignored by nfs-utils.
Consequences: data flow
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 20/10/2008
– Unix - plateform
TCP Wrappers can be used to filter access to services thanks to
the /etc/hosts.deny and the /etc/hosts.allow configuration files.
The nfs-utils package implements a NFS server. The access to NFS
shared files is managed by TCP Wrappers.
The good_client() function of the nfs-utils/support/misc/tcpwrapper.c
file does not correctly call the hosts_ctl() function. TCP
Wrappers netgroups are thus ignored.
An attacker can therefore bypass restrictions, when the
administrator uses netgroups in TCP Wrappers files.
Identifiers: 458676, BID-31823, CVE-2008-4552, VIGILANCE-VUL-8185