Vulnerability-Lookup

CVE-2008-4552 (GCVE-0-2008-4552)

Vulnerability from cvelistv5 – Published: 2008-10-14 19:00 – Updated: 2024-08-07 10:17

Summary

The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/32481	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32346	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/Advisories:rPSA-2008-0307	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/38794	third-party-advisoryx_refsource_SECUNIA
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.redhat.com/support/errata/RHSA-2009-13…	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2012/07/19/2	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/33006	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=458676	x_refsource_CONFIRM
	http://secunia.com/advisories/36538	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2012/07/19/5	mailing-listx_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/archive/1/497935/100…	mailing-listx_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/USN-687-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/38833	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/31823	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2010/0528	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:17:09.906Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32481",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32481"
          },
          {
            "name": "32346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32346"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0307"
          },
          {
            "name": "oval:org.mitre.oval:def:8325",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "nfsutils-hostctl-security-bypass(45895)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895"
          },
          {
            "name": "RHSA-2009:1321",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1321.html"
          },
          {
            "name": "[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
          },
          {
            "name": "33006",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
          },
          {
            "name": "36538",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36538"
          },
          {
            "name": "[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
          },
          {
            "name": "MDVSA-2009:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060"
          },
          {
            "name": "oval:org.mitre.oval:def:11544",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544"
          },
          {
            "name": "20081030 rPSA-2008-0307-1 nfs-client nfs-server nfs-utils",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497935/100/0/threaded"
          },
          {
            "name": "USN-687-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-687-1"
          },
          {
            "name": "38833",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38833"
          },
          {
            "name": "31823",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31823"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "32481",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32481"
        },
        {
          "name": "32346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32346"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0307"
        },
        {
          "name": "oval:org.mitre.oval:def:8325",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "nfsutils-hostctl-security-bypass(45895)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895"
        },
        {
          "name": "RHSA-2009:1321",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1321.html"
        },
        {
          "name": "[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
        },
        {
          "name": "33006",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
        },
        {
          "name": "36538",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36538"
        },
        {
          "name": "[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
        },
        {
          "name": "MDVSA-2009:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060"
        },
        {
          "name": "oval:org.mitre.oval:def:11544",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544"
        },
        {
          "name": "20081030 rPSA-2008-0307-1 nfs-client nfs-server nfs-utils",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497935/100/0/threaded"
        },
        {
          "name": "USN-687-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-687-1"
        },
        {
          "name": "38833",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38833"
        },
        {
          "name": "31823",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31823"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-4552",
    "datePublished": "2008-10-14T19:00:00.000Z",
    "dateReserved": "2008-10-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:17:09.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-JG64-HJMP-CCVG

Vulnerability from github – Published: 2022-05-02 00:11 – Updated: 2022-05-02 00:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-4552"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-14T20:00:00Z",
    "severity": "HIGH"
  },
  "details": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.",
  "id": "GHSA-jg64-hjmp-ccvg",
  "modified": "2022-05-02T00:11:12Z",
  "published": "2022-05-02T00:11:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4552"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32346"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32481"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33006"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36538"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38833"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0307"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1321.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/497935/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31823"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-687-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2010-AVI-106

Vulnerability from certfr_avis - Published: 2010-03-04 - Updated: 2010-03-04

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vMA 4.0 sans le patch 3.
VMware	N/A	VMware ESX 3.0.3 ;
VMware	N/A	VMware ESX 3.5 ;
VMware	N/A	VMware ESX 2.5.5 ;
VMware	N/A	VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;

References

Title

Publication Time

GSD-2008-4552

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-4552

Aliases

CVE-2008-4552

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4552",
    "description": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.",
    "id": "GSD-2008-4552",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-4552.html",
      "https://access.redhat.com/errata/RHSA-2009:1321",
      "https://linux.oracle.com/cve/CVE-2008-4552.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4552"
      ],
      "details": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.",
      "id": "GSD-2008-4552",
      "modified": "2023-12-13T01:22:59.213157Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-4552",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
            "refsource": "MISC",
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "http://secunia.com/advisories/38794",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0528",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          },
          {
            "name": "http://secunia.com/advisories/38833",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38833"
          },
          {
            "name": "http://secunia.com/advisories/32346",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32346"
          },
          {
            "name": "http://secunia.com/advisories/32481",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32481"
          },
          {
            "name": "http://secunia.com/advisories/33006",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/33006"
          },
          {
            "name": "http://secunia.com/advisories/36538",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36538"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0307",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0307"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/07/19/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/07/19/5",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1321.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1321.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/497935/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/497935/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/31823",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/31823"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-687-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-687-1"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=458676",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.1.0:rc-1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nfs:nfs-utils:1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-4552"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32346",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32346"
            },
            {
              "name": "31823",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/31823"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0307",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0307"
            },
            {
              "name": "32481",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32481"
            },
            {
              "name": "33006",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33006"
            },
            {
              "name": "USN-687-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-687-1"
            },
            {
              "name": "MDVSA-2009:060",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060"
            },
            {
              "name": "ADV-2010-0528",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            },
            {
              "name": "38794",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "38833",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38833"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "[oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=458676",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
            },
            {
              "name": "[oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
            },
            {
              "name": "36538",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36538"
            },
            {
              "name": "RHSA-2009:1321",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1321.html"
            },
            {
              "name": "nfsutils-hostctl-security-bypass(45895)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895"
            },
            {
              "name": "oval:org.mitre.oval:def:8325",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325"
            },
            {
              "name": "oval:org.mitre.oval:def:11544",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544"
            },
            {
              "name": "20081030 rPSA-2008-0307-1 nfs-client nfs-server nfs-utils",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/497935/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:52Z",
      "publishedDate": "2008-10-14T20:00Z"
    }
  }
}

FKIE_CVE-2008-4552

Vulnerability from fkie_nvd - Published: 2008-10-14 20:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
secalert@redhat.com	http://secunia.com/advisories/32346	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32481	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/33006	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/36538
secalert@redhat.com	http://secunia.com/advisories/38794	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/38833	Vendor Advisory
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2008-0307
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:060
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/07/19/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/07/19/5
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1321.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/497935/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/31823	Patch
secalert@redhat.com	http://www.ubuntu.com/usn/USN-687-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0528	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=458676
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45895
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32346	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32481	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33006	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36538
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38794	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38833	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2008-0307
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:060
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/07/19/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/07/19/5
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1321.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/497935/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31823	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-687-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0528	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=458676
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45895
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325

Impacted products

Vendor	Product	Version
nfs	nfs-utils	*
nfs	nfs-utils	0.2
nfs	nfs-utils	0.2.1
nfs	nfs-utils	0.3.1
nfs	nfs-utils	0.3.3
nfs	nfs-utils	1.0
nfs	nfs-utils	1.0.1
nfs	nfs-utils	1.0.2
nfs	nfs-utils	1.0.3
nfs	nfs-utils	1.0.4
nfs	nfs-utils	1.0.6
nfs	nfs-utils	1.0.7
nfs	nfs-utils	1.0.7
nfs	nfs-utils	1.0.7
nfs	nfs-utils	1.0.8
nfs	nfs-utils	1.0.8
nfs	nfs-utils	1.0.8
nfs	nfs-utils	1.0.8
nfs	nfs-utils	1.0.8
nfs	nfs-utils	1.0.9
nfs	nfs-utils	1.0.10
nfs	nfs-utils	1.0.11
nfs	nfs-utils	1.0.12
nfs	nfs-utils	1.1.0
nfs	nfs-utils	1.1.0
nfs	nfs-utils	1.1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AEA724-343E-4806-ACCE-2AA5F8F8BAAA",
              "versionEndIncluding": "1.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025FEFFD-12DD-4D29-A0FA-93DF96AFCFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "474B82D5-5D48-41ED-B2C1-68907A27491F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A6C9CB-446C-4ACF-B2CA-41A1BD5F229A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E68D7A7-DCEA-417D-AA56-D7B2EB410CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "813B76CA-5083-4697-A484-435113B7FF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0964EDA2-D86C-4189-9B03-61A292601649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83865C7-D7A1-4357-8C15-9865BDECD98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EFD8CFB-A24A-49F0-856C-4B985E203C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4645DF7-A5C2-4E8D-A07F-22F77670D68F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8616115-30AC-4160-B196-D417AF32C7C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1234E468-8DC6-4474-8B3D-DB550AA801B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-1:*:*:*:*:*:*",
              "matchCriteriaId": "58FA0EE6-7DBD-4105-B70A-1E04E0CC4FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.7:pre-2:*:*:*:*:*:*",
              "matchCriteriaId": "63515439-6FCC-43D7-B8DD-D14DD4D7878E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E96A1E-5A28-4177-A26F-F19573A17775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-1:*:*:*:*:*:*",
              "matchCriteriaId": "8A54F7D1-A1CD-4804-B962-BC536602F6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-2:*:*:*:*:*:*",
              "matchCriteriaId": "2D1E56AB-B263-42AF-9034-D20AD604E50D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-3:*:*:*:*:*:*",
              "matchCriteriaId": "0D76C312-3E5D-4176-8691-DD8C21C6A5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.8:rc-4:*:*:*:*:*:*",
              "matchCriteriaId": "D39D0EDE-8D14-42F7-BAEF-A64D559DE495",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BDF2DB8-0570-43C1-9206-14CDD027EBFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18EC9F4-50E7-4974-906E-09533BC7722C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4A1D1B-639F-467E-BE62-1BDDDCC9671A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A54C8D7-D142-4DB5-8453-57E8612BFFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CED17F-B9CE-46D2-8F00-8419451E51FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.0:rc-1:*:*:*:*:*:*",
              "matchCriteriaId": "D0571302-7EC5-41D3-BBAE-821657A56BED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nfs:nfs-utils:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E6F15C5-4D7E-499C-84F3-777F8C4C0B49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n good_client en nfs-utils versi\u00f3n 1.0.9, y posiblemente otras versiones anteriores a 1.1.3, invoca la funci\u00f3n hosts_ctl con el orden incorrecto de argumentos, lo que causa que la TCP Wrappers ignore los netgroups y permita a los atacantes remotos omitir las restricciones de acceso previstas."
    }
  ],
  "id": "CVE-2008-4552",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-14T20:00:01.667",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32346"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32481"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33006"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36538"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38833"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0307"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1321.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/497935/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-687-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/19/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/07/19/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1321.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/497935/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/31823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-687-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8325"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue affected Red Hat Enterprise Linux 5 and was addressed by\nhttps://rhn.redhat.com/errata/RHSA-2009-1321.html\n",
      "lastModified": "2009-09-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-4552 (GCVE-0-2008-4552)

GHSA-JG64-HJMP-CCVG

CERTA-2010-AVI-106

Description

Solution

GSD-2008-4552

FKIE_CVE-2008-4552

Tags

Sightings

Nomenclature