CVE-2012-3417

The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
jan_karalinux_diskquota
𝑥
≤ 3.16
jan_karalinux_diskquota
2.0
jan_karalinux_diskquota
3.01
jan_karalinux_diskquota
3.01:pre2
jan_karalinux_diskquota
3.01:pre3
jan_karalinux_diskquota
3.01:pre4
jan_karalinux_diskquota
3.01:pre5
jan_karalinux_diskquota
3.01:pre6
jan_karalinux_diskquota
3.01:pre7
jan_karalinux_diskquota
3.01:pre8
jan_karalinux_diskquota
3.01:pre9
jan_karalinux_diskquota
3.02
jan_karalinux_diskquota
3.03
jan_karalinux_diskquota
3.04
jan_karalinux_diskquota
3.05
jan_karalinux_diskquota
3.06
jan_karalinux_diskquota
3.07
jan_karalinux_diskquota
3.08
jan_karalinux_diskquota
3.09
jan_karalinux_diskquota
3.10
jan_karalinux_diskquota
3.11
jan_karalinux_diskquota
3.12
jan_karalinux_diskquota
3.13
jan_karalinux_diskquota
3.14
jan_karalinux_diskquota
3.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
quota
bookworm
4.06-1
fixed
bullseye
4.06-1
fixed
trixie
4.06-1.1
fixed
sid
4.09-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
quota
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387
http://rhn.redhat.com/errata/RHSA-2013-0120.html
http://sourceforge.net/tracker/?func=detail&aid=2743481&group_id=18136&atid=118136
http://www.openwall.com/lists/oss-security/2012/07/19/2
http://www.openwall.com/lists/oss-security/2012/07/19/5
https://bugzilla.redhat.com/show_bug.cgi?id=566717
https://hermes.opensuse.org/messages/15509723
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387
http://rhn.redhat.com/errata/RHSA-2013-0120.html
http://sourceforge.net/tracker/?func=detail&aid=2743481&group_id=18136&atid=118136
http://www.openwall.com/lists/oss-security/2012/07/19/2
http://www.openwall.com/lists/oss-security/2012/07/19/5
https://bugzilla.redhat.com/show_bug.cgi?id=566717
https://hermes.opensuse.org/messages/15509723