CVE-2008-4552

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
nfsnfs-utils
𝑥
≤ 1.1.2
nfsnfs-utils
0.2
nfsnfs-utils
0.2.1
nfsnfs-utils
0.3.1
nfsnfs-utils
0.3.3
nfsnfs-utils
1.0
nfsnfs-utils
1.0.1
nfsnfs-utils
1.0.2
nfsnfs-utils
1.0.3
nfsnfs-utils
1.0.4
nfsnfs-utils
1.0.6
nfsnfs-utils
1.0.7
nfsnfs-utils
1.0.7:pre-1
nfsnfs-utils
1.0.7:pre-2
nfsnfs-utils
1.0.8
nfsnfs-utils
1.0.8:rc-1
nfsnfs-utils
1.0.8:rc-2
nfsnfs-utils
1.0.8:rc-3
nfsnfs-utils
1.0.8:rc-4
nfsnfs-utils
1.0.9
nfsnfs-utils
1.0.10
nfsnfs-utils
1.0.11
nfsnfs-utils
1.0.12
nfsnfs-utils
1.1.0
nfsnfs-utils
1.1.0:rc-1
nfsnfs-utils
1.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nfs-utils
bullseye
1:1.3.4-6+deb11u1
fixed
etch
no-dsa
bookworm
1:2.6.2-4
fixed
sid
1:2.8.1-1
fixed
trixie
1:2.8.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nfs-utils
intrepid
Fixed 1:1.1.2-4ubuntu1.1
released
hardy
Fixed 1:1.1.2-2ubuntu2.2
released
gutsy
Fixed 1:1.1.1~git-20070709-3ubuntu1.1
released
dapper
Fixed 1:1.0.7-3ubuntu2.1
released
Common Weakness Enumeration
References
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://secunia.com/advisories/32346
http://secunia.com/advisories/32481
http://secunia.com/advisories/33006
http://secunia.com/advisories/36538
http://secunia.com/advisories/38794
http://secunia.com/advisories/38833
http://wiki.rpath.com/Advisories:rPSA-2008-0307
http://www.mandriva.com/security/advisories?name=MDVSA-2009:060
http://www.openwall.com/lists/oss-security/2012/07/19/2
http://www.openwall.com/lists/oss-security/2012/07/19/5
http://www.redhat.com/support/errata/RHSA-2009-1321.html
http://www.securityfocus.com/archive/1/497935/100/0/threaded
http://www.securityfocus.com/bid/31823
http://www.ubuntu.com/usn/USN-687-1
http://www.vupen.com/english/advisories/2010/0528
https://bugzilla.redhat.com/show_bug.cgi?id=458676
https://exchange.xforce.ibmcloud.com/vulnerabilities/45895
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://secunia.com/advisories/32346
http://secunia.com/advisories/32481
http://secunia.com/advisories/33006
http://secunia.com/advisories/36538
http://secunia.com/advisories/38794
http://secunia.com/advisories/38833
http://wiki.rpath.com/Advisories:rPSA-2008-0307
http://www.mandriva.com/security/advisories?name=MDVSA-2009:060
http://www.openwall.com/lists/oss-security/2012/07/19/2
http://www.openwall.com/lists/oss-security/2012/07/19/5
http://www.redhat.com/support/errata/RHSA-2009-1321.html
http://www.securityfocus.com/archive/1/497935/100/0/threaded
http://www.securityfocus.com/bid/31823
http://www.ubuntu.com/usn/USN-687-1
http://www.vupen.com/english/advisories/2010/0528
https://bugzilla.redhat.com/show_bug.cgi?id=458676
https://exchange.xforce.ibmcloud.com/vulnerabilities/45895
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325