Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2009:060 ] nfs-utils
From: security () mandriva com
Date: Sat, 28 Feb 2009 01:49:00 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:060
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : nfs-utils
 Date    : February 27, 2009
 Affected: 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A security vulnerability has been identified and fixed in nfs-utils,
 which caused TCP Wrappers to ignore netgroups and allows remote
 attackers to bypass intended access restrictions (CVE-2008-4552).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 a3309e26384dea89035a13a195eb65a9  2008.0/i586/nfs-utils-1.1.0-12.2mdv2008.0.i586.rpm
 e17379b66c0dc927eadf8b4bde947968  2008.0/i586/nfs-utils-clients-1.1.0-12.2mdv2008.0.i586.rpm 
 649c040e97748f0f6a9333f1cc07cb4e  2008.0/SRPMS/nfs-utils-1.1.0-12.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 2768e3374f20d4d87b38dc0ee53913ec  2008.0/x86_64/nfs-utils-1.1.0-12.2mdv2008.0.x86_64.rpm
 24afc643d2054f10341cc8d60abfd10e  2008.0/x86_64/nfs-utils-clients-1.1.0-12.2mdv2008.0.x86_64.rpm 
 649c040e97748f0f6a9333f1cc07cb4e  2008.0/SRPMS/nfs-utils-1.1.0-12.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 2978448adef1e93fbb4992d58820283b  2008.1/i586/nfs-utils-1.1.1-9.2mdv2008.1.i586.rpm
 94eb52f51949963cdb5b24d0aaaa5c13  2008.1/i586/nfs-utils-clients-1.1.1-9.2mdv2008.1.i586.rpm 
 7ed31ae2518e1b4cd97be3003bb52a21  2008.1/SRPMS/nfs-utils-1.1.1-9.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 fb099b1f8573176244a6b207c499e434  2008.1/x86_64/nfs-utils-1.1.1-9.2mdv2008.1.x86_64.rpm
 99fc35580bddc26bbdadc93f3793d1d2  2008.1/x86_64/nfs-utils-clients-1.1.1-9.2mdv2008.1.x86_64.rpm 
 7ed31ae2518e1b4cd97be3003bb52a21  2008.1/SRPMS/nfs-utils-1.1.1-9.2mdv2008.1.src.rpm

 Corporate 3.0:
 bc15fd3bacccf814267569fce8bcf622  corporate/3.0/i586/nfs-utils-1.0.6-2.3.100mdk.i586.rpm
 63e3c3bee48bbc938b3c31b8372aaf9e  corporate/3.0/i586/nfs-utils-clients-1.0.6-2.3.100mdk.i586.rpm 
 59f637b4fcab268c69be5b0d64cf3832  corporate/3.0/SRPMS/nfs-utils-1.0.6-2.3.100mdk.src.rpm

 Corporate 3.0/X86_64:
 3f202c3a455a9775a542a774c6792869  corporate/3.0/x86_64/nfs-utils-1.0.6-2.3.100mdk.x86_64.rpm
 15423ecfeb635a96f4d081c067008f35  corporate/3.0/x86_64/nfs-utils-clients-1.0.6-2.3.100mdk.x86_64.rpm 
 59f637b4fcab268c69be5b0d64cf3832  corporate/3.0/SRPMS/nfs-utils-1.0.6-2.3.100mdk.src.rpm

 Corporate 4.0:
 859988bb3dd95155e7caea5310011132  corporate/4.0/i586/nfs-utils-1.0.9-0.1.20060mlcs4.i586.rpm
 13a3dd01587c8299acf81dfe8b26ea78  corporate/4.0/i586/nfs-utils-clients-1.0.9-0.1.20060mlcs4.i586.rpm 
 cffaae7696e36c69627296b714dec455  corporate/4.0/SRPMS/nfs-utils-1.0.9-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 1ebdaaffad677d35d13dfd21b7f67790  corporate/4.0/x86_64/nfs-utils-1.0.9-0.1.20060mlcs4.x86_64.rpm
 f33ade5e5b007014bf849f96171f711f  corporate/4.0/x86_64/nfs-utils-clients-1.0.9-0.1.20060mlcs4.x86_64.rpm 
 cffaae7696e36c69627296b714dec455  corporate/4.0/SRPMS/nfs-utils-1.0.9-0.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 9d3bbbe6e938a2065dfb68ca1631b813  mnf/2.0/i586/nfs-utils-1.0.6-2.3.100mdk.i586.rpm
 56fdd741f7cb5e05bf41de1cdaab5b77  mnf/2.0/i586/nfs-utils-clients-1.0.6-2.3.100mdk.i586.rpm 
 299486c57905d6f988ad9828cedb0ad7  mnf/2.0/SRPMS/nfs-utils-1.0.6-2.3.100mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJqF1FmqjQ0CJFipgRApPwAJ43DW1JoyDhHsLU4XVoB1tJG3qTlwCgthm+
18IlBv2SUmhrfSbqJiAC9qM=
=EZNq
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2009:060 ] nfs-utils security (Feb 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault