CVE-2012-3417

Severity

40%

Complexity

49%

Confidentiality

81%

The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.

The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N).

Overview

Type

Jan Kara Linux DiskQuota (aka quota)

First reported 12 years ago

2012-08-13 20:55:00

Last updated 8 years ago

2016-12-08 03:02:00

Affected Software

Jan Kara Linux DiskQuota (aka quota) 2.0

2.0

Jan Kara Linux DiskQuota (aka quota) 3.01

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre2

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre3

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre4

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre5

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre6

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre7

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre8

3.01

Jan Kara Linux DiskQuota (aka quota) 3.01-pre9

3.01

Jan Kara Linux DiskQuota (aka quota) 3.02

3.02

Jan Kara Linux DiskQuota (aka quota) 3.03

3.03

Jan Kara Linux DiskQuota (aka quota) 3.04

3.04

Jan Kara Linux DiskQuota (aka quota) 3.05

3.05

Jan Kara Linux DiskQuota (aka quota) 3.06

3.06

Jan Kara Linux DiskQuota (aka quota) 3.07

3.07

Jan Kara Linux DiskQuota (aka quota) 3.08

3.08

Jan Kara Linux DiskQuota (aka quota) 3.09

3.09

Jan Kara Linux DiskQuota (aka quota) 3.10

3.10

Jan Kara Linux DiskQuota (aka quota) 3.11

3.11

Jan Kara Linux DiskQuota (aka quota) 3.12

3.12

Jan Kara Linux DiskQuota (aka quota) 3.13

3.13

Jan Kara Linux DiskQuota (aka quota) 3.14

3.14

Jan Kara Linux DiskQuota (aka quota) 3.15

3.15

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota;a=commitdiff;h=0abbfe92536fa5854eb65572de0cf131f80e2387

Exploit, Patch

RHSA-2013:0120

http://sourceforge.net/tracker/?func=detail&aid=2743481&group_id=18136&atid=118136

[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers

[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers

https://bugzilla.redhat.com/show_bug.cgi?id=566717

openSUSE-SU-2012:1058

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.