Mixed IP/name-based access control can be bypassed (CVE-2011-2500)

Related Vulnerabilities: CVE-2011-2500  

Debian Bug report logs - #633155

Reported by: Ben Hutchings <ben@decadent.org.uk>

Date: Sat, 9 Jul 2011 03:15:01 UTC

Severity: grave

Tags: fixed-upstream, patch, upstream

Found in version nfs-utils/1:1.2.3-3

Fixed in version nfs-utils/1:1.2.4-1

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#633155; Package nfs-kernel-server. (Sat, 09 Jul 2011 03:15:04 GMT)


Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
New Bug report received and forwarded. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. (Sat, 09 Jul 2011 03:15:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Ben Hutchings <ben@decadent.org.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Mixed IP/name-based access control can be bypassed (CVE-2011-2500)
Date: Sat, 09 Jul 2011 04:12:14 +0100
Package: nfs-kernel-server
Version: 1:1.2.3-3
Severity: grave
Tags: patch

From <https://bugzilla.redhat.com/show_bug.cgi?id=716949>:
> A security flaw was found in the way nfs-utils performed authentication
> of an incoming request, when an IP based authentication mechanism was used
> and certain file systems were exported either to a netgroup or a wildcard
> (e.g. *.my.domain), and some file systems (either the same or different to
> the first set) were exported to specific hosts, IP addresses, or a subnet.
> A remote attacker, able to create global DNS entries, could use this flaw
> to access above listed, exported file systems.
> 
> References:
> [1] https://bugzilla.novell.com/show_bug.cgi?id=701702
> [2] http://www.openwall.com/lists/oss-security/2011/06/27/7
>     (CVE Request)
> 
> Relevant upstream patch:
> [3] http://marc.info/?l=linux-nfs&m=130875695821953&w=2

This bug appears to have been introduced in upstream version 1.2.3-rc4
and therefore should not affect squeeze or lenny.

Ben.

-- System Information:
Debian Release: wheezy/sid
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'oldstable-proposed-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
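
The export mix that the quoted advisory describes (netgroup or wildcard clients alongside specific hosts, IP addresses or subnets) can be checked for in an exports file. This is an added example, not part of the bug report or of nfs-utils; the sample file, the `classify` and `audit` names and the treatment of a bare `*` are assumptions, and continuation lines and quoted paths are not handled.

```python
import ipaddress
import re

# Constructed sample in exports(5) syntax; not taken from the bug report.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/srv/home     *.my.domain(rw,sync) @trusted(rw)
/srv/backup   192.0.2.10(rw,no_root_squash) 198.51.100.0/24(ro)
/srv/build    buildhost.my.domain(rw)
/srv/pub      *(ro)
"""

NAME_BASED = {"netgroup", "wildcard"}      # forms the advisory lists first
SPECIFIC = {"host", "address", "subnet"}   # forms the advisory lists second


def classify(client):
    """Return the client form of one exports entry, ignoring its options."""
    spec = client.split("(", 1)[0]
    if spec in ("", "*"):
        return "anonymous"   # open export; kept out of both groups (assumption)
    if spec.startswith("@"):
        return "netgroup"
    if re.search(r"[*?\[]", spec):
        return "wildcard"
    try:
        ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return "host"        # not an address, so a single host name
    return "subnet" if "/" in spec else "address"


def audit(text):
    """Group (path, client) pairs by client form; flag the mix from the advisory."""
    found = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue         # blank line, comment, or path with no client list
        for client in fields[1:]:
            if client.startswith("-"):
                continue     # default-option token, not a client
            found.setdefault(classify(client), []).append((fields[0], client))
    forms = set(found)
    mixed = bool(forms & NAME_BASED) and bool(forms & SPECIFIC)
    return mixed, found
```

A `True` first element means the file combines both groups of client forms, so a server running the affected version (found in 1:1.2.3-3, fixed in 1:1.2.4-1) should be upgraded first.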




Added tag(s) upstream, pending, and fixed-upstream. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sat, 09 Jul 2011 12:51:02 GMT)


Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Sat, 09 Jul 2011 15:09:18 GMT)


Notification sent to Ben Hutchings <ben@decadent.org.uk>:
Bug acknowledged by developer. (Sat, 09 Jul 2011 15:09:18 GMT)


Message #12 received at 633155-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 633155-close@bugs.debian.org
Subject: Bug#633155: fixed in nfs-utils 1:1.2.4-1
Date: Sat, 09 Jul 2011 15:05:34 +0000
Source: nfs-utils
Source-Version: 1:1.2.4-1

We believe that the bug you reported is fixed in the latest version of
nfs-utils, which is due to be installed in the Debian FTP archive:

nfs-common_1.2.4-1_i386.deb
  to main/n/nfs-utils/nfs-common_1.2.4-1_i386.deb
nfs-kernel-server_1.2.4-1_i386.deb
  to main/n/nfs-utils/nfs-kernel-server_1.2.4-1_i386.deb
nfs-utils_1.2.4-1.debian.tar.bz2
  to main/n/nfs-utils/nfs-utils_1.2.4-1.debian.tar.bz2
nfs-utils_1.2.4-1.dsc
  to main/n/nfs-utils/nfs-utils_1.2.4-1.dsc
nfs-utils_1.2.4.orig.tar.bz2
  to main/n/nfs-utils/nfs-utils_1.2.4.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 633155@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated nfs-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 09 Jul 2011 16:28:32 +0200
Source: nfs-utils
Binary: nfs-kernel-server nfs-common
Architecture: source i386
Version: 1:1.2.4-1
Distribution: unstable
Urgency: low
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 nfs-common - NFS support files common to client and server
 nfs-kernel-server - support for NFS kernel server
Closes: 619877 626478 633155
Changes: 
 nfs-utils (1:1.2.4-1) unstable; urgency=low
 .
   * New upstream version
     - Fix host_reliable_addrinfo (Closes: #633155)
     - Allow multiple RPC listeners to share listener port number
     (Closes: #619877)
     - Add --enable-libmount-mount (Closes: #626478)
     - 12-svcgssd-document-n-option.patch applied upstream
     - Refresh 19-exports.man-Fix-comment-syntax.patch
     - 21-anticipate-RLIMIT_FSIZE.patch applied upstream
     - Add nfsidmap binary and manpage
     - Use autoreconf to avoid build failure





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 17 Aug 2011 07:37:05 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:39:34 2019; Machine Name: buxtehude
