http://bugs.debian.org/502680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4552
https://bugzilla.redhat.com/show_bug.cgi?id=458676
nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the
hosts_ctl function with the wrong order of arguments, which causes TCP
Wrappers to ignore netgroups and allows remote attackers to bypass
intended access restrictions.
--- nfs-utils-1.1.2/support/misc/tcpwrapper.c 2008-03-15 02:46:29.000000000 +1100
+++ nfs-utils-1.1.2/support/misc/tcpwrapper.c 2008-10-19 13:58:12.000000000 +1100
@@ -125,12 +125,12 @@ struct sockaddr_in *addr;
return 0;
/* Check the official name first. */
- if (hosts_ctl(daemon, "", hp->h_name, ""))
+ if (hosts_ctl(daemon, hp->h_name, "", ""))
return 1;
/* Check aliases. */
for (sp = hp->h_aliases; *sp ; sp++) {
- if (hosts_ctl(daemon, "", *sp, ""))
+ if (hosts_ctl(daemon, *sp, "", ""))
return 1;
}
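Review bot: Both corrected calls, the official-name check and the one in the alias loop, still pass empty string literals for the client address and user arguments. hosts_ctl(3) says each of those arguments should contain valid data or STRING_UNKNOWN, so consider using STRING_UNKNOWN from tcpd.h in place of "" to make the intent explicit. The same argument-order mistake appeared at both call sites, so a short comment naming the parameter order (daemon, client_name, client_addr, client_user), or a small helper that takes only the host name, would keep the two calls from drifting apart again. A regression test with a netgroup entry in hosts.allow would confirm that name-based rules now match.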