Get the LinuxSecurity news you want faster with RSS
Powered By
Pardus: nsf-utils: Security Bypass
Posted by Benjamin D. Thomas
There is a weakness in nfs-utils, which can be exploited by malicious people to bypass certain security restrictions.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-15 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-01-29
Severity: 2
Type: Local
------------------------------------------------------------------------
Summary
=======
There is a weakness in nfs-utils, which can be exploited by malicious
people to bypass certain security restrictions.
Description
===========
The weakness is caused due to the nfs-utils package being build without
support for TCP wrappers, which can be exploited to e.g. bypass intended
security restrictions relying on TCP wrappers.
Affected packages:
Pardus 2008:
nfs-utils, all before 1.1.2-15-4
Resolution
==========
There are update(s) for nfs-utils. You can update them via Package
Manager or with a single command from console:
pisi up nfs-utils
References
==========
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0180
* https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html
