Pardus: nsf-utils: Security Bypass
Posted by Benjamin D. Thomas   
There is a weakness in nfs-utils, which can be exploited by malicious people to bypass certain security restrictions.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-15            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-01-29
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

There is a weakness in nfs-utils, which can be exploited  by  malicious 
people to bypass certain security restrictions. 


Description
===========



The weakness is caused due to the nfs-utils package being build without 
support for TCP wrappers, which can be exploited to e.g. bypass intended
security restrictions relying on TCP wrappers. 



Affected packages:

  Pardus 2008:
    nfs-utils, all before 1.1.2-15-4


Resolution
==========

There are update(s) for nfs-utils. You  can  update  them  via  Package 
Manager or with a single command from console: 

    pisi up nfs-utils

References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0180
  * https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00526.html