RedHat Security Advisory RHSA-2009:1321 Network Vulnerability

Summary

The remote host is missing updates to nfs-utils announced in advisory RHSA-2009:1321. It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in /etc/hosts.allow and /etc/hosts.deny may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. (CVE-2008-4552)

Solution

Intall the update. After installing the update, the nfs service will be restarted automatically. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

References

http://rhn.redhat.com/errata/RHSA-2009-1321.html
http://www.redhat.com/security/updates/classification/#low

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4552
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:0261
RedHat Security Advisory RHSA-2009:0325
RedHat Security Advisory RHSA-2009:0457
RedHat Security Advisory RHSA-2009:0350
RedHat Security Advisory RHSA-2009:0408

Take action and discover your vulnerabilities