nfs-utils: Access restriction bypass — GLSA 200903-06

An error in nfs-utils allows for bypass of the netgroups restriction.

Affected Packages

net-fs/nfs-utils on all architectures
Affected versions < 1.1.3
Unaffected versions >= 1.1.3

Background

nfs-utils contains the client and daemon implementations for the NFS protocol.

Description

Michele Marcionelli reported that nfs-utils invokes the hosts_ctl() function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups.

Impact

A remote attacker could bypass intended access restrictions, i.e. NFS netgroups, and gain access to restricted services.

Workaround

There is no known workaround at this time.

Resolution

All nfs-utils users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/nfs-utils-1.1.3"

References

Release Date
March 07, 2009

Latest Revision
March 07, 2009: 01

Severity
normal

Exploitable
remote

Bugzilla entries