Red Hat redhat-config-nfs Incorrect Share Permission Weakness

2004-09-22T05:51:36
ID OSVDB:10219
Type osvdb
Reporter John Buswell
Modified 2004-09-22T05:51:36

Description

Vulnerability Description

redhat-config-nfs contains a flaw that may allow a malicious user to gain access to unauthorized NFS shares. The issue is triggered when exporting shares to multiple hosts. This could cause an option such as "all_squash" to not be applied to all of the listed hosts. This flaw may lead to a loss of confidentiality.

Solution Description

Upgrade to redhat-config-nfs-1.0.13-6 or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds. Users are also advised to check their NFS shares, directly or via the /etc/exports file, for any incorrectly set options.
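The /etc/exports check recommended above can be scripted. The following is an added example, not code from the advisory or from redhat-config-nfs: it flags exports where a watched option such as "all_squash" is set for some listed hosts but not all. It assumes entries in the plain `path client(options) ...` form; the function names and the sample file are constructed for illustration.

```python
import re

# One client entry: "host" or "host(opt1,opt2)"; the options group is optional.
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")

def parse_exports(text):
    """Yield (path, {client: set_of_options}) for each export line."""
    # Join backslash-continued lines, then drop comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *tokens = line.split()
        clients = {}
        for tok in tokens:
            m = CLIENT_RE.match(tok)
            if not m:
                raise ValueError(f"unparseable client entry: {tok!r}")
            # An empty host, e.g. "(ro)" after a stray space, matches every client.
            host = m.group("host") or "*"
            opts = (m.group("opts") or "").split(",")
            clients[host] = {o.strip() for o in opts if o.strip()}
        yield path, clients

def find_uneven_options(text, watched=("all_squash",)):
    """Return (path, option, clients_missing_it) for each watched option that
    is set for some clients of an export but not for all of them."""
    findings = []
    for path, clients in parse_exports(text):
        for opt in watched:
            missing = sorted(c for c, o in clients.items() if opt not in o)
            if missing and len(missing) < len(clients):
                findings.append((path, opt, missing))
    return findings

# Constructed sample input, not taken from the advisory.
SAMPLE = """\
/srv/public  hosta.example.com(ro,all_squash) hostb.example.com(ro)
/srv/proj    hostc.example.com(rw,all_squash) \\
             hostd.example.com(rw,all_squash)
/srv/home    192.0.2.0/24(rw,sync)
"""

if __name__ == "__main__":
    for path, opt, missing in find_uneven_options(SAMPLE):
        print(f"{path}: '{opt}' not applied to {', '.join(missing)}")
```

On a real system, pass the contents of /etc/exports to `find_uneven_options` and extend `watched` with any other option that every listed host is expected to carry.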

References:

Security Tracker: 1011402
Secunia Advisory ID: 12632
RedHat RHSA: RHSA-2004:434-06
Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-434.html
CVE-2004-0750