Test ID: | 1.3.6.1.4.1.25623.1.0.880676 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for nfs-utils CESA-2009:1321 centos5 i386 |
Summary: | The remote host is missing an update for the 'nfs-utils' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'nfs-utils' package(s) announced via the referenced advisory.

Vulnerability Insight: The nfs-utils package provides a daemon for the kernel NFS server and related tools.

It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in '/etc/hosts.allow' and '/etc/hosts.deny' may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. (CVE-2008-4552)

This updated package also fixes the following bugs:

* the 'LOCKD_TCPPORT' and 'LOCKD_UDPPORT' options in '/etc/sysconfig/nfs' were not honored: the lockd daemon continued to use random ports. With this update, these options are honored. (BZ#434795)
* it was not possible to mount NFS file systems from a system that has the '/etc/' directory mounted on a read-only file system (this could occur on systems with an NFS-mounted root file system). With this update, it is possible to mount NFS file systems from a system that has '/etc/' mounted on a read-only file system. (BZ#450646)
* arguments specified by 'STATDARG=' in '/etc/sysconfig/nfs' were removed by the nfslock init script, meaning the arguments specified were never passed to rpc.statd. With this update, the nfslock init script no longer removes these arguments. (BZ#459591)
* when mounting an NFS file system from a host not specified in the NFS server's '/etc/exports' file, a misleading 'unknown host' error was logged on the server (the hostname lookup did not fail). With this update, a clearer error message is provided for these situations. (BZ#463578)
* the nhfsstone benchmark utility did not work with NFS version 3 and 4. This update adds support to nhfsstone for NFS version 3 and 4. The new nhfsstone '-2', '-3', and '-4' options are used to select an NFS version (similar to nfsstat(8)). (BZ#465933)
* the exportfs(8) manual page contained a spelling mistake, 'djando', in the EXAMPLES section. (BZ#474848)
* in some situations the NFS server incorrectly refused mounts to hosts that had a host alias in a NIS netgroup. (BZ#478952)
* in some situations the NFS client used its cache, rather than using the latest version of a file or directory from a given export. This update adds a new mount option, 'lookupcache=', which allows the NFS client to control how it caches files and directories. Note: The Red Hat Enterprise Linux 5.4 kernel update (the fourth regular update) must be installed in order to use the 'lookupcache=' option.

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: nfs-utils on CentOS 5

Solution: Please install the updated packages.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-4552

* 20081030 rPSA-2008-0307-1 nfs-client nfs-server nfs-utils: http://www.securityfocus.com/archive/1/497935/100/0/threaded
* 31823: http://www.securityfocus.com/bid/31823
* 32346: http://secunia.com/advisories/32346
* 32481: http://secunia.com/advisories/32481
* 33006: http://secunia.com/advisories/33006
* 36538: http://secunia.com/advisories/36538
* 38794: http://secunia.com/advisories/38794
* 38833: http://secunia.com/advisories/38833
* ADV-2010-0528: http://www.vupen.com/english/advisories/2010/0528
* MDVSA-2009:060: http://www.mandriva.com/security/advisories?name=MDVSA-2009:060
* RHSA-2009:1321: http://www.redhat.com/support/errata/RHSA-2009-1321.html
* USN-687-1: http://www.ubuntu.com/usn/USN-687-1
* [oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers: http://www.openwall.com/lists/oss-security/2012/07/19/2
* [oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers: http://www.openwall.com/lists/oss-security/2012/07/19/5
* [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates: http://lists.vmware.com/pipermail/security-announce/2010/000082.html
* http://wiki.rpath.com/Advisories:rPSA-2008-0307
* https://bugzilla.redhat.com/show_bug.cgi?id=458676
* nfsutils-hostctl-security-bypass(45895): https://exchange.xforce.ibmcloud.com/vulnerabilities/45895
* oval:org.mitre.oval:def:11544: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544
* oval:org.mitre.oval:def:8325: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325 |
Copyright: | Copyright (C) 2011 Greenbone AG |