(RHSA-2009:1321) Low: nfs-utils security and bug fix update
2009-09-02T07:02:33
ID RHSA-2009:1321 Type redhat Reporter RedHat Modified 2017-09-08T12:13:43
Description
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.

It was discovered that nfs-utils did not use tcp_wrappers correctly.
Certain hosts access rules defined in "/etc/hosts.allow" and
"/etc/hosts.deny" may not have been honored, possibly allowing remote
attackers to bypass intended access restrictions. (CVE-2008-4552)

This updated package also fixes the following bugs:

* the "LOCKD_TCPPORT" and "LOCKD_UDPPORT" options in "/etc/sysconfig/nfs"
were not honored: the lockd daemon continued to use random ports. With this
update, these options are honored. (BZ#434795)

* it was not possible to mount NFS file systems from a system that has
the "/etc/" directory mounted on a read-only file system (this could occur
on systems with an NFS-mounted root file system). With this update, it is
possible to mount NFS file systems from a system that has "/etc/" mounted
on a read-only file system. (BZ#450646)

* arguments specified by "STATDARG=" in "/etc/sysconfig/nfs" were removed
by the nfslock init script, meaning the arguments specified were never
passed to rpc.statd. With this update, the nfslock init script no longer
removes these arguments. (BZ#459591)

* when mounting an NFS file system from a host not specified in the NFS
server's "/etc/exports" file, a misleading "unknown host" error was logged
on the server (the hostname lookup did not fail). With this update, a
clearer error message is provided for these situations. (BZ#463578)

* the nhfsstone benchmark utility did not work with NFS version 3 and 4.
This update adds support to nhfsstone for NFS version 3 and 4. The new
nhfsstone "-2", "-3", and "-4" options are used to select an NFS version
(similar to nfsstat(8)). (BZ#465933)

* the exportfs(8) manual page contained a spelling mistake, "djando", in
the EXAMPLES section. (BZ#474848)

* in some situations the NFS server incorrectly refused mounts to hosts
that had a host alias in a NIS netgroup. (BZ#478952)

* in some situations the NFS client used its cache, rather than using
the latest version of a file or directory from a given export. This update
adds a new mount option, "lookupcache=", which allows the NFS client to
control how it caches files and directories. Note: The Red Hat Enterprise
Linux 5.4 kernel update (the fourth regular update) must be installed in
order to use the "lookupcache=" option. Also, "lookupcache=" is currently
only available for NFS version 3. Support for NFS version 4 may be
introduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat
Bugzilla #511312 for further information. (BZ#489335)

Users of nfs-utils should upgrade to this updated package, which contains
backported patches to correct these issues. After installing this update,
the nfs service will be restarted automatically.
(BZ#465933)\n\n* the exportfs(8) manual page contained a spelling mistake, 'djando',\nin the EXAMPLES section. (BZ#474848)\n\n* in some situations the NFS server incorrectly refused mounts to\nhosts that had a host alias in a NIS netgroup. (BZ#478952)\n\n* in some situations the NFS client used its cache, rather than using\nthe latest version of a file or directory from a given export. This\nupdate adds a new mount option, 'lookupcache=', which allows the NFS\nclient to control how it caches files and directories. Note: The Red\nHat Enterprise Linux 5.4 kernel update (the fourth regular update)\nmust be installed in order to use the 'lookupcache=' option. Also,\n'lookupcache=' is currently only available for NFS version 3. Support\nfor NFS version 4 may be introduced in future Red Hat Enterprise Linux\n5 updates. Refer to Red Hat Bugzilla #511312 for further information.\n(BZ#489335)\n\nUsers of nfs-utils should upgrade to this updated package, which\ncontains backported patches to correct these issues. 
After installing\nthis update, the nfs service will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016147.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?92c61d5f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016148.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9901d7f2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nfs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"nfs-utils-1.0.9-42.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:09:44", "bulletinFamily": "scanner", "description": "An updated nfs-utils package that fixes a security issue and several\nbugs is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe nfs-utils package provides a daemon for the kernel NFS server and\nrelated tools.\n\nIt was discovered that nfs-utils did not use tcp_wrappers correctly.\nCertain hosts access rules defined in '/etc/hosts.allow' and\n'/etc/hosts.deny' may not have been honored, possibly allowing remote\nattackers to bypass intended access restrictions. (CVE-2008-4552)\n\nThis updated package also fixes the following bugs :\n\n* the 'LOCKD_TCPPORT' and 'LOCKD_UDPPORT' options in\n'/etc/sysconfig/nfs' were not honored: the lockd daemon continued to\nuse random ports. 
With this update, these options are honored.\n(BZ#434795)\n\n* it was not possible to mount NFS file systems from a system that has\nthe '/etc/' directory mounted on a read-only file system (this could\noccur on systems with an NFS-mounted root file system). With this\nupdate, it is possible to mount NFS file systems from a system that\nhas '/etc/' mounted on a read-only file system. (BZ#450646)\n\n* arguments specified by 'STATDARG=' in '/etc/sysconfig/nfs' were\nremoved by the nfslock init script, meaning the arguments specified\nwere never passed to rpc.statd. With this update, the nfslock init\nscript no longer removes these arguments. (BZ#459591)\n\n* when mounting an NFS file system from a host not specified in the\nNFS server's '/etc/exports' file, a misleading 'unknown host' error\nwas logged on the server (the hostname lookup did not fail). With this\nupdate, a clearer error message is provided for these situations.\n(BZ#463578)\n\n* the nhfsstone benchmark utility did not work with NFS version 3 and\n4. This update adds support to nhfsstone for NFS version 3 and 4. The\nnew nhfsstone '-2', '-3', and '-4' options are used to select an NFS\nversion (similar to nfsstat(8)). (BZ#465933)\n\n* the exportfs(8) manual page contained a spelling mistake, 'djando',\nin the EXAMPLES section. (BZ#474848)\n\n* in some situations the NFS server incorrectly refused mounts to\nhosts that had a host alias in a NIS netgroup. (BZ#478952)\n\n* in some situations the NFS client used its cache, rather than using\nthe latest version of a file or directory from a given export. This\nupdate adds a new mount option, 'lookupcache=', which allows the NFS\nclient to control how it caches files and directories. Note: The Red\nHat Enterprise Linux 5.4 kernel update (the fourth regular update)\nmust be installed in order to use the 'lookupcache=' option. Also,\n'lookupcache=' is currently only available for NFS version 3. 
Support\nfor NFS version 4 may be introduced in future Red Hat Enterprise Linux\n5 updates. Refer to Red Hat Bugzilla #511312 for further information.\n(BZ#489335)\n\nUsers of nfs-utils should upgrade to this updated package, which\ncontains backported patches to correct these issues. After installing\nthis update, the nfs service will be restarted automatically.", "modified": "2019-01-02T00:00:00", "published": "2009-09-02T00:00:00", "id": "REDHAT-RHSA-2009-1321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40838", "title": "RHEL 5 : nfs-utils (RHSA-2009:1321)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1321. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40838);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2008-4552\");\n script_bugtraq_id(31823);\n script_xref(name:\"RHSA\", value:\"2009:1321\");\n\n script_name(english:\"RHEL 5 : nfs-utils (RHSA-2009:1321)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated nfs-utils package that fixes a security issue and several\nbugs is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe nfs-utils package provides a daemon for the kernel NFS server and\nrelated tools.\n\nIt was discovered that nfs-utils did not use tcp_wrappers correctly.\nCertain hosts access rules defined in '/etc/hosts.allow' and\n'/etc/hosts.deny' may not have been honored, possibly allowing remote\nattackers to bypass intended access restrictions. 
(CVE-2008-4552)\n\nThis updated package also fixes the following bugs :\n\n* the 'LOCKD_TCPPORT' and 'LOCKD_UDPPORT' options in\n'/etc/sysconfig/nfs' were not honored: the lockd daemon continued to\nuse random ports. With this update, these options are honored.\n(BZ#434795)\n\n* it was not possible to mount NFS file systems from a system that has\nthe '/etc/' directory mounted on a read-only file system (this could\noccur on systems with an NFS-mounted root file system). With this\nupdate, it is possible to mount NFS file systems from a system that\nhas '/etc/' mounted on a read-only file system. (BZ#450646)\n\n* arguments specified by 'STATDARG=' in '/etc/sysconfig/nfs' were\nremoved by the nfslock init script, meaning the arguments specified\nwere never passed to rpc.statd. With this update, the nfslock init\nscript no longer removes these arguments. (BZ#459591)\n\n* when mounting an NFS file system from a host not specified in the\nNFS server's '/etc/exports' file, a misleading 'unknown host' error\nwas logged on the server (the hostname lookup did not fail). With this\nupdate, a clearer error message is provided for these situations.\n(BZ#463578)\n\n* the nhfsstone benchmark utility did not work with NFS version 3 and\n4. This update adds support to nhfsstone for NFS version 3 and 4. The\nnew nhfsstone '-2', '-3', and '-4' options are used to select an NFS\nversion (similar to nfsstat(8)). (BZ#465933)\n\n* the exportfs(8) manual page contained a spelling mistake, 'djando',\nin the EXAMPLES section. (BZ#474848)\n\n* in some situations the NFS server incorrectly refused mounts to\nhosts that had a host alias in a NIS netgroup. (BZ#478952)\n\n* in some situations the NFS client used its cache, rather than using\nthe latest version of a file or directory from a given export. This\nupdate adds a new mount option, 'lookupcache=', which allows the NFS\nclient to control how it caches files and directories. 
Note: The Red\nHat Enterprise Linux 5.4 kernel update (the fourth regular update)\nmust be installed in order to use the 'lookupcache=' option. Also,\n'lookupcache=' is currently only available for NFS version 3. Support\nfor NFS version 4 may be introduced in future Red Hat Enterprise Linux\n5 updates. Refer to Red Hat Bugzilla #511312 for further information.\n(BZ#489335)\n\nUsers of nfs-utils should upgrade to this updated package, which\ncontains backported patches to correct these issues. After installing\nthis update, the nfs service will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1321\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nfs-utils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1321\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nfs-utils-1.0.9-42.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nfs-utils-1.0.9-42.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nfs-utils-1.0.9-42.el5\")) flag++;\n\n if 
(flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nfs-utils\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:09:08", "bulletinFamily": "scanner", "description": "A security vulnerability has been identified and fixed in nfs-utils,\nwhich caused TCP Wrappers to ignore netgroups and allows remote\nattackers to bypass intended access restrictions (CVE-2008-4552).\n\nThe updated packages have been patched to prevent this.", "modified": "2019-01-02T00:00:00", "published": "2009-04-23T00:00:00", "id": "MANDRIVA_MDVSA-2009-060.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37261", "title": "Mandriva Linux Security Advisory : nfs-utils (MDVSA-2009:060)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:060. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37261);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2008-4552\");\n script_bugtraq_id(31823);\n script_xref(name:\"MDVSA\", value:\"2009:060\");\n\n script_name(english:\"Mandriva Linux Security Advisory : nfs-utils (MDVSA-2009:060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security vulnerability has been identified and fixed in nfs-utils,\nwhich caused TCP Wrappers to ignore netgroups and allows remote\nattackers to bypass intended access restrictions (CVE-2008-4552).\n\nThe updated packages have been patched to prevent this.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nfs-utils and / or nfs-utils-clients packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nfs-utils-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"nfs-utils-1.1.0-12.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"nfs-utils-clients-1.1.0-12.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"nfs-utils-1.1.1-9.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"nfs-utils-clients-1.1.1-9.2mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:08:55", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200903-06\n(nfs-utils: Access restriction bypass)\n\n Michele Marcionelli reported that nfs-utils 
invokes the hosts_ctl()\n function with the wrong order of arguments, which causes TCP Wrappers\n to ignore netgroups.\nImpact :\n\n A remote attacker could bypass intended access restrictions, i.e. NFS\n netgroups, and gain access to restricted services.\nWorkaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "published": "2009-03-08T00:00:00", "id": "GENTOO_GLSA-200903-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35796", "title": "GLSA-200903-06 : nfs-utils: Access restriction bypass", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200903-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35796);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2008-4552\");\n script_bugtraq_id(31823);\n script_xref(name:\"GLSA\", value:\"200903-06\");\n\n script_name(english:\"GLSA-200903-06 : nfs-utils: Access restriction bypass\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-06\n(nfs-utils: Access restriction bypass)\n\n Michele Marcionelli reported that nfs-utils invokes the hosts_ctl()\n function with the wrong order of arguments, which causes TCP Wrappers\n to ignore netgroups.\n \nImpact :\n\n A remote attacker could bypass intended access restrictions, i.e. 
NFS\n netgroups, and gain access to restricted services.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All nfs-utils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-fs/nfs-utils-1.1.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nfs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-fs/nfs-utils\", unaffected:make_list(\"ge 
1.1.3\"), vulnerable:make_list(\"lt 1.1.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nfs-utils\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:30", "bulletinFamily": "scanner", "description": "This update of nfs-utils fixes the handling of the tcp wrapper ACLs.\n(CVE-2008-4552)", "modified": "2012-05-17T00:00:00", "published": "2009-09-24T00:00:00", "id": "SUSE_NFS-UTILS-5713.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41564", "title": "SuSE 10 Security Update : nfs-utils (ZYPP Patch Number 5713)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41564);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2008-4552\");\n\n script_name(english:\"SuSE 10 Security Update : nfs-utils (ZYPP Patch Number 5713)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of nfs-utils fixes the handling of the tcp wrapper ACLs.\n(CVE-2008-4552)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4552.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5713.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"nfs-utils-1.0.7-36.31\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"nfs-utils-1.0.7-36.31\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:17", "bulletinFamily": "scanner", "description": "It was discovered that nfs-utils did not use tcp_wrappers correctly.\nCertain hosts access rules defined in 
'/etc/hosts.allow' and\n'/etc/hosts.deny' may not have been honored, possibly allowing remote\nattackers to bypass intended access restrictions. (CVE-2008-4552)\n\nThis updated package also fixes the following bugs :\n\n - the 'LOCKD_TCPPORT' and 'LOCKD_UDPPORT' options in\n '/etc/sysconfig/nfs' were not honored: the lockd daemon\n continued to use random ports. With this update, these\n options are honored. (BZ#434795)\n\n - it was not possible to mount NFS file systems from a\n system that has the '/etc/' directory mounted on a\n read-only file system (this could occur on systems with\n an NFS-mounted root file system). With this update, it\n is possible to mount NFS file systems from a system that\n has '/etc/' mounted on a read-only file system.\n (BZ#450646)\n\n - arguments specified by 'STATDARG=' in\n '/etc/sysconfig/nfs' were removed by the nfslock init\n script, meaning the arguments specified were never\n passed to rpc.statd. With this update, the nfslock init\n script no longer removes these arguments. (BZ#459591)\n\n - when mounting an NFS file system from a host not\n specified in the NFS server's '/etc/exports' file, a\n misleading 'unknown host' error was logged on the server\n (the hostname lookup did not fail). With this update, a\n clearer error message is provided for these situations.\n (BZ#463578)\n\n - the nhfsstone benchmark utility did not work with NFS\n version 3 and 4. This update adds support to nhfsstone\n for NFS version 3 and 4. The new nhfsstone '-2', '-3',\n and '-4' options are used to select an NFS version\n (similar to nfsstat(8)). (BZ#465933)\n\n - the exportfs(8) manual page contained a spelling\n mistake, 'djando', in the EXAMPLES section. (BZ#474848)\n\n - in some situations the NFS server incorrectly refused\n mounts to hosts that had a host alias in a NIS netgroup.\n (BZ#478952)\n\n - in some situations the NFS client used its cache, rather\n than using the latest version of a file or directory\n from a given export. 
This update adds a new mount\n option, 'lookupcache=', which allows the NFS client to\n control how it caches files and directories. Note: The\n Scientific Linux 2.6.18-164 or later kernel update must\n be installed in order to use the 'lookupcache=' option.\n Also, 'lookupcache=' is currently only available for NFS\n version 3. Support for NFS version 4 may be introduced\n in future Scientific Linux 5 updates. (BZ#489335)\n\nAfter installing this update, the nfs service will be restarted\nautomatically.\n\nNote: This update is already in SL 5.4", "modified": "2019-01-02T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20090902_NFS_UTILS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60656", "title": "Scientific Linux Security Update : nfs-utils on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60656);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/02 10:36:42\");\n\n script_cve_id(\"CVE-2008-4552\");\n\n script_name(english:\"Scientific Linux Security Update : nfs-utils on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that nfs-utils did not use tcp_wrappers correctly.\nCertain hosts access rules defined in '/etc/hosts.allow' and\n'/etc/hosts.deny' may not have been honored, possibly allowing remote\nattackers to bypass intended access restrictions. 
(CVE-2008-4552)\n\nThis updated package also fixes the following bugs :\n\n - the 'LOCKD_TCPPORT' and 'LOCKD_UDPPORT' options in\n '/etc/sysconfig/nfs' were not honored: the lockd daemon\n continued to use random ports. With this update, these\n options are honored. (BZ#434795)\n\n - it was not possible to mount NFS file systems from a\n system that has the '/etc/' directory mounted on a\n read-only file system (this could occur on systems with\n an NFS-mounted root file system). With this update, it\n is possible to mount NFS file systems from a system that\n has '/etc/' mounted on a read-only file system.\n (BZ#450646)\n\n - arguments specified by 'STATDARG=' in\n '/etc/sysconfig/nfs' were removed by the nfslock init\n script, meaning the arguments specified were never\n passed to rpc.statd. With this update, the nfslock init\n script no longer removes these arguments. (BZ#459591)\n\n - when mounting an NFS file system from a host not\n specified in the NFS server's '/etc/exports' file, a\n misleading 'unknown host' error was logged on the server\n (the hostname lookup did not fail). With this update, a\n clearer error message is provided for these situations.\n (BZ#463578)\n\n - the nhfsstone benchmark utility did not work with NFS\n version 3 and 4. This update adds support to nhfsstone\n for NFS version 3 and 4. The new nhfsstone '-2', '-3',\n and '-4' options are used to select an NFS version\n (similar to nfsstat(8)). (BZ#465933)\n\n - the exportfs(8) manual page contained a spelling\n mistake, 'djando', in the EXAMPLES section. (BZ#474848)\n\n - in some situations the NFS server incorrectly refused\n mounts to hosts that had a host alias in a NIS netgroup.\n (BZ#478952)\n\n - in some situations the NFS client used its cache, rather\n than using the latest version of a file or directory\n from a given export. This update adds a new mount\n option, 'lookupcache=', which allows the NFS client to\n control how it caches files and directories. 
Note: The\n Scientific Linux 2.6.18-164 or later kernel update must\n be installed in order to use the 'lookupcache=' option.\n Also, 'lookupcache=' is currently only available for NFS\n version 3. Support for NFS version 4 may be introduced\n in future Scientific Linux 5 updates. (BZ#489335)\n\nAfter installing this update, the nfs service will be restarted\nautomatically.\n\nNote: This update is already in SL 5.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=434795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=450646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=459591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=463578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=465933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=474848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=478952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=489335\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=1589\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9dd13b24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected nfs-utils, nfs-utils-lib and / or\nnfs-utils-lib-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"nfs-utils-1.0.9-42.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nfs-utils-lib-1.0.8-7.6.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nfs-utils-lib-devel-1.0.8-7.6.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:10:24", "bulletinFamily": "scanner", "description": "a. 
vMA and Service Console update for newt to 0.52.2-12.el5_4.1\n\n Newt is a programming library for color text mode, widget based\n user interfaces. Newt can be used to add stacked windows, entry\n widgets, checkboxes, radio buttons, labels, plain text fields,\n scrollbars, etc., to text mode user interfaces.\n\n A heap-based buffer overflow flaw was found in the way newt\n processes content that is to be displayed in a text dialog box.\n A local attacker could issue a specially crafted text dialog box\n display request (direct or via a custom application), leading to a\n denial of service (application crash) or, potentially, arbitrary\n code execution with the privileges of the user running the\n application using the newt library.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-2905 to this issue.\n\nb. vMA and Service Console update for vMA package nfs-utils to\n 1.0.9-42.el5\n\n The nfs-utils package provides a daemon for the kernel NFS server\n and related tools.\n\n It was discovered that nfs-utils did not use tcp_wrappers\n correctly. Certain hosts access rules defined in '/etc/hosts.allow'\n and '/etc/hosts.deny' may not have been honored, possibly allowing\n remote attackers to bypass intended access restrictions.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2008-4552 to this issue.\n\nc. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1\n\n GLib is the low-level core library that forms the basis for\n projects such as GTK+ and GNOME. 
It provides data structure\n handling for C, portability wrappers, and interfaces for such\n runtime functionality as an event loop, threads, dynamic loading,\n and an object system.\n\n Multiple integer overflows in glib/gbase64.c in GLib before 2.20\n allow context-dependent attackers to execute arbitrary code via a\n long string that is converted either from or to a base64\n representation.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2008-4316 to this issue.\n\nd. vMA and Service Console update for openssl to 0.9.8e-12.el5\n\n SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-\n strength cryptography world-wide.\n\n Multiple denial of service flaws were discovered in OpenSSL's DTLS\n implementation. A remote attacker could use these flaws to cause a\n DTLS server to use excessive amounts of memory, or crash on an\n invalid memory access or NULL pointer dereference.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-1377, CVE-2009-1378,\n CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues.\n\n An input validation flaw was found in the handling of the BMPString\n and UniversalString ASN1 string types in OpenSSL's\n ASN1_STRING_print_ex() function. An attacker could use this flaw to\n create a specially crafted X.509 certificate that could cause\n applications using the affected function to crash when printing\n certificate contents.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0590 to this issue.\n\ne. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1\n\n It was discovered that BIND was incorrectly caching responses\n without performing proper DNSSEC validation, when those responses\n were received during the resolution of a recursive client query\n that requested DNSSEC records but indicated that checking should be\n disabled. 
A remote attacker could use this flaw to bypass the DNSSEC\n validation check and perform a cache poisoning attack if the target\n BIND server was receiving such client queries.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-4022 to this issue.\n\nf. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2.\n\n Two buffer over-read flaws were found in the way Expat handled\n malformed UTF-8 sequences when processing XML files. A specially-\n crafted XML file could cause applications using Expat to fail while\n parsing the file.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-3560 and CVE-2009-3720 to these\n issues.\n\ng. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2\n\n A Red Hat specific patch used in the openssh packages as shipped in\n Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain\n ownership requirements for directories used as arguments for the\n ChrootDirectory configuration options. A malicious user that also\n has or previously had non-chroot shell access to a system could\n possibly use this flaw to escalate their privileges and run\n commands as any system user.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-2904 to this issue.\n\nh. vMA and Service Console package ntp updated to\n ntp-4.2.2p1-9.el5_4.1.i386.rpm\n\n A flaw was discovered in the way ntpd handled certain malformed NTP\n packets. ntpd logged information about all such packets and replied\n with an NTP packet that was treated as malformed when received by\n another ntpd. 
A remote attacker could use this flaw to create an NTP\n packet reply loop between two ntpd servers through a malformed packet\n with a spoofed source IP address and port, causing ntpd on those\n servers to use excessive amounts of CPU time and fill disk space with\n log messages.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-3563 to this issue. \n\ni. vMA update for package kernel to 2.6.18-164.9.1.el5\n\n Updated vMA package kernel addresses the security issues listed\n below.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2849 to the security issue fixed in\n kernel 2.6.18-128.2.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,\n CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues\n fixed in kernel 2.6.18-128.6.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,\n CVE-2009-3726 to the security issues fixed in kernel\n 2.6.18-128.9.1\n\nj. 
vMA 4.0 updates for the packages kpartx, libvolume-id,\n device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed\n\n kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to\n 095-14.20.el5 device-mapper-multipath package updated to\n 0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus\n updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5,\n and ed package updated to 0.2-39.el5_2.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2008-3916, CVE-2009-1189 and\n CVE-2009-0115 to these issues.", "modified": "2018-08-06T00:00:00", "published": "2010-03-05T00:00:00", "id": "VMWARE_VMSA-2010-0004.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44993", "title": "VMSA-2010-0004 : ESX Service Console and vMA third-party updates", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2010-0004. 
\n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44993);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2008-3916\", \"CVE-2008-4316\", \"CVE-2008-4552\", \"CVE-2009-0115\", \"CVE-2009-0590\", \"CVE-2009-1189\", \"CVE-2009-1377\", \"CVE-2009-1378\", \"CVE-2009-1379\", \"CVE-2009-1386\", \"CVE-2009-1387\", \"CVE-2009-2695\", \"CVE-2009-2849\", \"CVE-2009-2904\", \"CVE-2009-2905\", \"CVE-2009-2908\", \"CVE-2009-3228\", \"CVE-2009-3286\", \"CVE-2009-3547\", \"CVE-2009-3560\", \"CVE-2009-3563\", \"CVE-2009-3612\", \"CVE-2009-3613\", \"CVE-2009-3620\", \"CVE-2009-3621\", \"CVE-2009-3720\", \"CVE-2009-3726\", \"CVE-2009-4022\");\n script_bugtraq_id(30815, 31602, 31823, 34100, 34256, 35001, 35138, 35174, 36304, 36515, 36552, 36639, 36706, 36723, 36824, 36827, 36901, 36936, 37118, 37203, 37255);\n script_xref(name:\"VMSA\", value:\"2010-0004\");\n\n script_name(english:\"VMSA-2010-0004 : ESX Service Console and vMA third-party updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1\n\n Newt is a programming library for color text mode, widget based\n user interfaces. 
Newt can be used to add stacked windows, entry\n widgets, checkboxes, radio buttons, labels, plain text fields,\n scrollbars, etc., to text mode user interfaces.\n\n A heap-based buffer overflow flaw was found in the way newt\n processes content that is to be displayed in a text dialog box.\n A local attacker could issue a specially crafted text dialog box\n display request (direct or via a custom application), leading to a\n denial of service (application crash) or, potentially, arbitrary\n code execution with the privileges of the user running the\n application using the newt library.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-2905 to this issue.\n\nb. vMA and Service Console update for vMA package nfs-utils to\n 1.0.9-42.el5\n\n The nfs-utils package provides a daemon for the kernel NFS server\n and related tools.\n\n It was discovered that nfs-utils did not use tcp_wrappers\n correctly. Certain hosts access rules defined in '/etc/hosts.allow'\n and '/etc/hosts.deny' may not have been honored, possibly allowing\n remote attackers to bypass intended access restrictions.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2008-4552 to this issue.\n\nc. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1\n\n GLib is the low-level core library that forms the basis for\n projects such as GTK+ and GNOME. It provides data structure\n handling for C, portability wrappers, and interfaces for such\n runtime functionality as an event loop, threads, dynamic loading,\n and an object system.\n\n Multiple integer overflows in glib/gbase64.c in GLib before 2.20\n allow context-dependent attackers to execute arbitrary code via a\n long string that is converted either from or to a base64\n representation.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2008-4316 to this issue.\n\nd. 
vMA and Service Console update for openssl to 0.9.8e-12.el5\n\n SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-\n strength cryptography world-wide.\n\n Multiple denial of service flaws were discovered in OpenSSL's DTLS\n implementation. A remote attacker could use these flaws to cause a\n DTLS server to use excessive amounts of memory, or crash on an\n invalid memory access or NULL pointer dereference.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-1377, CVE-2009-1378,\n CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues.\n\n An input validation flaw was found in the handling of the BMPString\n and UniversalString ASN1 string types in OpenSSL's\n ASN1_STRING_print_ex() function. An attacker could use this flaw to\n create a specially crafted X.509 certificate that could cause\n applications using the affected function to crash when printing\n certificate contents.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0590 to this issue.\n\ne. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1\n\n It was discovered that BIND was incorrectly caching responses\n without performing proper DNSSEC validation, when those responses\n were received during the resolution of a recursive client query\n that requested DNSSEC records but indicated that checking should be\n disabled. A remote attacker could use this flaw to bypass the DNSSEC\n validation check and perform a cache poisoning attack if the target\n BIND server was receiving such client queries.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-4022 to this issue.\n\nf. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2.\n\n Two buffer over-read flaws were found in the way Expat handled\n malformed UTF-8 sequences when processing XML files. 
A specially-\n crafted XML file could cause applications using Expat to fail while\n parsing the file.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-3560 and CVE-2009-3720 to these\n issues.\n\ng. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2\n\n A Red Hat specific patch used in the openssh packages as shipped in\n Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain\n ownership requirements for directories used as arguments for the\n ChrootDirectory configuration options. A malicious user that also\n has or previously had non-chroot shell access to a system could\n possibly use this flaw to escalate their privileges and run\n commands as any system user.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-2904 to this issue.\n\nh. vMA and Service Console package ntp updated to\n ntp-4.2.2p1-9.el5_4.1.i386.rpm\n\n A flaw was discovered in the way ntpd handled certain malformed NTP\n packets. ntpd logged information about all such packets and replied\n with an NTP packet that was treated as malformed when received by\n another ntpd. A remote attacker could use this flaw to create an NTP\n packet reply loop between two ntpd servers through a malformed packet\n with a spoofed source IP address and port, causing ntpd on those\n servers to use excessive amounts of CPU time and fill disk space with\n log messages.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-3563 to this issue. \n\ni. 
vMA update for package kernel to 2.6.18-164.9.1.el5\n\n Updated vMA package kernel addresses the security issues listed\n below.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2849 to the security issue fixed in\n kernel 2.6.18-128.2.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,\n CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues\n fixed in kernel 2.6.18-128.6.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,\n CVE-2009-3726 to the security issues fixed in kernel\n 2.6.18-128.9.1\n\nj. vMA 4.0 updates for the packages kpartx, libvolume-id,\n device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed\n\n kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to\n 095-14.20.el5 device-mapper-multipath package updated to\n 0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus\n updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5,\n and ed package updated to 0.2-39.el5_2.\n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2008-3916, CVE-2009-1189 and\n CVE-2009-0115 to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2010/000104.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2010-03-03\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201006407-SG\")) flag++;\nif (esx_check(ver:\"ESX 3.5.0\", patch:\"ESX350-201008406-SG\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201002404-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201002406-SG\",\n patch_updates : make_list(\"ESX400-Update02\", 
\"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201002407-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005403-SG\",\n patch_updates : make_list(\"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 4.0.0\",\n patch : \"ESX400-201005404-SG\",\n patch_updates : make_list(\"ESX400-201404402-SG\", \"ESX400-Update02\", \"ESX400-Update03\", \"ESX400-Update04\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:23:36", "bulletinFamily": "scanner", "description": "The remote VMware ESX host is missing a security-related patch. 
It is,\ntherefore, affected by multiple vulnerabilities, including remote code\nexecution vulnerabilities, in several third-party components and\nlibraries :\n\n - bind\n - expat\n - glib2\n - Kernel\n - newt\n - nfs-utils\n - NTP\n - OpenSSH\n - OpenSSL", "modified": "2018-08-06T00:00:00", "published": "2016-03-08T00:00:00", "id": "VMWARE_VMSA-2010-0004_REMOTE.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=89737", "title": "VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89737);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2008-3916\",\n \"CVE-2008-4316\",\n \"CVE-2008-4552\",\n \"CVE-2009-0115\",\n \"CVE-2009-0590\",\n \"CVE-2009-1189\",\n \"CVE-2009-1377\",\n \"CVE-2009-1378\",\n \"CVE-2009-1379\",\n \"CVE-2009-1386\",\n \"CVE-2009-1387\",\n \"CVE-2009-2695\",\n \"CVE-2009-2849\",\n \"CVE-2009-2904\",\n \"CVE-2009-2905\",\n \"CVE-2009-2908\",\n \"CVE-2009-3228\",\n \"CVE-2009-3286\",\n \"CVE-2009-3547\",\n \"CVE-2009-3560\",\n \"CVE-2009-3563\",\n \"CVE-2009-3612\",\n \"CVE-2009-3613\",\n \"CVE-2009-3620\",\n \"CVE-2009-3621\",\n \"CVE-2009-3720\",\n \"CVE-2009-3726\",\n \"CVE-2009-4022\"\n );\n script_bugtraq_id(\n 30815,\n 31602,\n 31823,\n 34100,\n 34256,\n 35001,\n 35138,\n 35174,\n 36304,\n 36515,\n 36552,\n 36639,\n 36706,\n 36723,\n 36824,\n 36827,\n 36901,\n 36936,\n 37118,\n 37203,\n 37255\n );\n script_xref(name:\"VMSA\", value:\"2010-0004\");\n\n script_name(english:\"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)\");\n script_summary(english:\"Checks the ESX / ESXi version and build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote VMware ESX host is missing a security-related patch.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote VMware ESX host is missing a security-related patch. It is,\ntherefore, affected by multiple vulnerabilities, including remote code\nexecution vulnerabilities, in several third-party components and\nlibraries :\n\n - bind\n - expat\n - glib2\n - Kernel\n - newt\n - nfs-utils\n - NTP\n - OpenSSH\n - OpenSSL\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2010-0004\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.vmware.com/pipermail/security-announce/2010/000104.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory that\npertains to ESX version 3.5 / 4.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1321.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#low\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nfs-utils\", rpm:\"nfs-utils~1.0.9~42.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nfs-utils-debuginfo\", rpm:\"nfs-utils-debuginfo~1.0.9~42.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:22", "bulletinFamily": "scanner", "description": "The remote host is missing updates to nfs-utils announced in\nadvisory CESA-2009:1321.", "modified": "2018-04-06T00:00:00", "published": "2009-09-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064934", "id": "OPENVAS:136141256231064934", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1321 (nfs-utils)", "sourceData": "#CESA-2009:1321 64934 2\n# $Id: ovcesa2009_1321.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1321 (nfs-utils)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1321\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1321\";\ntag_summary = \"The remote host is missing updates to nfs-utils announced in\nadvisory CESA-2009:1321.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64934\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2008-4552\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1321 (nfs-utils)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nfs-utils\", rpm:\"nfs-utils~1.0.9~42.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:26", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1321\n\n\nThe nfs-utils package provides a daemon for the kernel NFS server and\nrelated tools.\n\nIt was discovered that nfs-utils did not use tcp_wrappers correctly.\nCertain hosts access rules defined in \"/etc/hosts.allow\" and\n\"/etc/hosts.deny\" may not have been honored, possibly allowing remote\nattackers to bypass intended access restrictions. (CVE-2008-4552)\n\nThis updated package also fixes the following bugs:\n\n* the \"LOCKD_TCPPORT\" and \"LOCKD_UDPPORT\" options in \"/etc/sysconfig/nfs\"\nwere not honored: the lockd daemon continued to use random ports. With this\nupdate, these options are honored. (BZ#434795)\n\n* it was not possible to mount NFS file systems from a system that has\nthe \"/etc/\" directory mounted on a read-only file system (this could occur\non systems with an NFS-mounted root file system). 
With this update, it is\npossible to mount NFS file systems from a system that has \"/etc/\" mounted\non a read-only file system. (BZ#450646)\n\n* arguments specified by \"STATDARG=\" in \"/etc/sysconfig/nfs\" were removed\nby the nfslock init script, meaning the arguments specified were never\npassed to rpc.statd. With this update, the nfslock init script no longer\nremoves these arguments. (BZ#459591)\n\n* when mounting an NFS file system from a host not specified in the NFS\nserver's \"/etc/exports\" file, a misleading \"unknown host\" error was logged\non the server (the hostname lookup did not fail). With this update, a\nclearer error message is provided for these situations. (BZ#463578)\n\n* the nhfsstone benchmark utility did not work with NFS version 3 and 4.\nThis update adds support to nhfsstone for NFS version 3 and 4. The new\nnhfsstone \"-2\", \"-3\", and \"-4\" options are used to select an NFS version\n(similar to nfsstat(8)). (BZ#465933)\n\n* the exportfs(8) manual page contained a spelling mistake, \"djando\", in\nthe EXAMPLES section. (BZ#474848)\n\n* in some situations the NFS server incorrectly refused mounts to hosts\nthat had a host alias in a NIS netgroup. (BZ#478952)\n\n* in some situations the NFS client used its cache, rather than using\nthe latest version of a file or directory from a given export. This update\nadds a new mount option, \"lookupcache=\", which allows the NFS client to\ncontrol how it caches files and directories. Note: The Red Hat Enterprise\nLinux 5.4 kernel update (the fourth regular update) must be installed in\norder to use the \"lookupcache=\" option. Also, \"lookupcache=\" is currently\nonly available for NFS version 3. Support for NFS version 4 may be\nintroduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat\nBugzilla #511312 for further information. (BZ#489335)\n\nUsers of nfs-utils should upgrade to this updated package, which contains\nbackported patches to correct these issues. 
After installing this update,\nthe nfs service will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016147.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016148.html\n\n**Affected packages:**\nnfs-utils\n\n**Upstream details at:**\n", "modified": "2009-09-15T19:34:40", "published": "2009-09-15T19:34:40", "href": "http://lists.centos.org/pipermail/centos-announce/2009-September/016147.html", "id": "CESA-2009:1321", "title": "nfs security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:16", "bulletinFamily": "unix", "description": "[1.0.9-42 ]\n- mountd: Check host alias with netgroups (bz 478952)\n- exportfs: fixed typo in man page (bz 474848)\n- nfs.init: NFS server reboot results in 'Stale NFS file handle' (bz 474449) \n- nfslock.init: options not correctly parsed (bz 459591)\n- mount.nfs: mounts fail with read-only /etc (bz 450646)\n- nfslock.init: lockd not using settings in sysconfig/nfs (bz 434795)\n- tcpwrappers: updated code to correctly use api (bz 494878)\n- nhfsstone: added v3 and v4 support (bz 465933)\n- mount.nfs: add support for lookupcache= option (bz 489335).\n[1.0.9-41]\n- clarify 'mount request from unknown host' log message from mountd (bz 463578)", "modified": "2009-09-08T00:00:00", "published": "2009-09-08T00:00:00", "id": "ELSA-2009-1321", "href": "http://linux.oracle.com/errata/ELSA-2009-1321.html", "title": "nfs-utils security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "description": "NIS netgroup restrictions are ignored by TCP Wrappers, allowing remote attackers to bypass intended access restrictions.", "modified": 
"2008-11-02T00:00:00", "published": "2008-11-02T00:00:00", "id": "SECURITYVULNS:VULN:9398", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9398", "title": "nfs protection bypass", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "description": "rPath Security Advisory: 2008-0307-1\r\nPublished: 2008-10-30\r\nProducts:\r\n rPath Appliance Platform Linux Service 1\r\n rPath Appliance Platform Linux Service 2\r\n rPath Linux 1\r\n rPath Linux 2\r\n\r\nRating: Minor\r\nExposure Level Classification:\r\n Remote Vulnerability\r\nUpdated Versions:\r\n nfs-client=conary.rpath.com@rpl:1/1.0.7-14.13-1\r\n nfs-client=conary.rpath.com@rpl:2/1.0.10-7.1-1\r\n nfs-server=conary.rpath.com@rpl:2/1.0.10-7.1-1\r\n nfs-utils=conary.rpath.com@rpl:1/1.0.7-14.13-1\r\n nfs-utils=conary.rpath.com@rpl:2/1.0.10-7.1-1\r\n\r\nrPath Issue Tracking System:\r\n https://issues.rpath.com/browse/RPL-2868\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552\r\n\r\nDescription:\r\n Previous versions of the nfs-utils package contain a bug that causes\r\n NIS netgroup restrictions to be ignored by TCP Wrappers, which may\r\n allow remote attackers to bypass intended access restrictions.\r\n\r\nhttp://wiki.rpath.com/Advisories:rPSA-2008-0307\r\n\r\nCopyright 2008 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html", "modified": "2008-11-02T00:00:00", "published": "2008-11-02T00:00:00", "id": "SECURITYVULNS:DOC:20799", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20799", "title": "rPSA-2008-0307-1 nfs-client nfs-server nfs-utils", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:04", "bulletinFamily": 
"unix", "description": "### Background\n\nnfs-utils contains the client and daemon implementations for the NFS protocol. \n\n### Description\n\nMichele Marcionelli reported that nfs-utils invokes the hosts_ctl() function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups. \n\n### Impact\n\nA remote attacker could bypass intended access restrictions, i.e. NFS netgroups, and gain access to restricted services. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll nfs-utils users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-fs/nfs-utils-1.1.3\"", "modified": "2009-03-07T00:00:00", "published": "2009-03-07T00:00:00", "id": "GLSA-200903-06", "href": "https://security.gentoo.org/glsa/200903-06", "type": "gentoo", "title": "nfs-utils: Access restriction bypass", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:12", "bulletinFamily": "unix", "description": "It was discovered that nfs-utils did not properly enforce netgroup restrictions when using TCP Wrappers. 
Remote attackers could bypass the netgroup restrictions enabled by the administrator and possibly gain access to sensitive information.", "modified": "2008-12-04T00:00:00", "published": "2008-12-04T00:00:00", "id": "USN-687-1", "href": "https://usn.ubuntu.com/687-1/", "title": "nfs-utils vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:23:38", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 31823\r\nCVE(CAN) ID: CVE-2008-4552\r\n\r\nThe nfs-utils package provides a daemon for the kernel NFS server and related tools.\r\n\r\nThe TCP Wrappers implementation in the nfs-utils package calls the hosts_ctl() function with the wrong order of arguments. Remote attackers can bypass the access control rules enforced on NFS netgroups and gain access to restricted services.\r\n\n\nsourceforge nfs-utils 1.0.9\n sourceforge\r\n-----------\r\nThe vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:\r\n\r\n<a href=http://freshmeat.net/projects/nfs-utils/ target=_blank>http://freshmeat.net/projects/nfs-utils/</a>", "modified": "2008-10-22T00:00:00", "published": "2008-10-22T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4270", "id": "SSV:4270", "type": "seebug", "title": "nfs-utils package hosts_ctl() function security restriction bypass vulnerability", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "vmware": [{"lastseen": "2018-09-02T02:40:37", "bulletinFamily": "unix", "description": "a. 
vMA and Service Console update for newt to 0.52.2-12.el5_4.1 \n \nNewt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. \nA heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially-crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. \nThe Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue. \nThe following table lists what action remediates the vulnerability (column 4) if a solution is available. \n\n", "modified": "2010-10-06T00:00:00", "published": "2010-03-03T00:00:00", "id": "VMSA-2010-0004", "href": "https://www.vmware.com/security/advisories/VMSA-2010-0004.html", "title": "ESX Service Console and vMA third party updates", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}