CVE-2008-4552

Name of the Vulnerable Software and Affected Versions nfs-utils versions 1.0.9 through 1.1.3

Description The issue concerns a problem in the nfs-utils package that can lead to a breach of confidentiality, integrity, and availability of protected information. This can be exploited remotely. The good client function in nfs-utils invokes the hosts ctl function with the wrong order of arguments, causing TCP Wrappers to ignore netgroups and allowing remote attackers to bypass intended access restrictions.

Recommendations For nfs-utils versions 1.0.9 through 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the good client function until a patch is available.