Advisory Published

RHSA-2009:1321: Low: nfs-utils security and bug fix update

First published: Wed Sep 02 2009

The nfs-utils package provides a daemon for the kernel NFS server and related tools.

It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. (CVE-2008-4552)

This updated package also fixes the following bugs:

* the "LOCKD_TCPPORT" and "LOCKD_UDPPORT" options in "/etc/sysconfig/nfs" were not honored: the lockd daemon continued to use random ports. With this update, these options are honored. (BZ#434795)

* it was not possible to mount NFS file systems from a system that has the "/etc/" directory mounted on a read-only file system (this could occur on systems with an NFS-mounted root file system). With this update, it is possible to mount NFS file systems from a system that has "/etc/" mounted on a read-only file system. (BZ#450646)

* arguments specified by "STATDARG=" in "/etc/sysconfig/nfs" were removed by the nfslock init script, meaning the arguments specified were never passed to rpc.statd. With this update, the nfslock init script no longer removes these arguments. (BZ#459591)

* when mounting an NFS file system from a host not specified in the NFS server's "/etc/exports" file, a misleading "unknown host" error was logged on the server (the hostname lookup did not fail). With this update, a clearer error message is provided for these situations. (BZ#463578)

* the nhfsstone benchmark utility did not work with NFS version 3 and 4. This update adds support to nhfsstone for NFS version 3 and 4. The new nhfsstone "-2", "-3", and "-4" options are used to select an NFS version (similar to nfsstat(8)). (BZ#465933)

* the exportfs(8) manual page contained a spelling mistake, "djando", in the EXAMPLES section. (BZ#474848)

* in some situations the NFS server incorrectly refused mounts to hosts that had a host alias in a NIS netgroup. (BZ#478952)

* in some situations the NFS client used its cache, rather than using the latest version of a file or directory from a given export. This update adds a new mount option, "lookupcache=", which allows the NFS client to control how it caches files and directories. Note: The Red Hat Enterprise Linux 5.4 kernel update (the fourth regular update) must be installed in order to use the "lookupcache=" option. Also, "lookupcache=" is currently only available for NFS version 3. Support for NFS version 4 may be introduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat Bugzilla #511312 for further information. (BZ#489335)

Users of nfs-utils should upgrade to this updated package, which contains backported patches to correct these issues. After installing this update, the nfs service will be restarted automatically.

| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/nfs-utils | <1.0.9-42.el5 | 1.0.9-42.el5 |
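A check for the affected versions listed above, as an added example that is not part of the advisory or of Red Hat's tooling. It compares an `rpm -q nfs-utils` style string against the fixed build using a simplified form of rpm's segment-by-segment comparison; the architecture-suffix list, the function names and the decision to ignore epochs are assumptions of the example.

```python
import re

FIXED = "1.0.9-42.el5"  # fixed version-release taken from the advisory

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.

    Simplified: handles digit and letter segments only (no '~' or '^').
    Returns -1, 0 or 1.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats letters
        if x.isdigit():
            x, y = int(x), int(y)             # so that 9 sorts before 10
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_affected(package, fixed=FIXED):
    """True if an `rpm -q nfs-utils` style string is older than the fixed build."""
    name, version, release = package.strip().rsplit("-", 2)
    if name != "nfs-utils":
        raise ValueError("not an nfs-utils package: %r" % package)
    # Assumed set of architecture suffixes; drop one if the query format adds it.
    release = re.sub(r"\.(i386|x86_64|ia64|ppc|s390x?|noarch)$", "", release)
    fixed_version, fixed_release = fixed.split("-")
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order < 0

if __name__ == "__main__":
    # Constructed sample strings, not output captured from real hosts.
    for pkg in ("nfs-utils-1.0.9-40.el5", "nfs-utils-1.0.9-42.el5",
                "nfs-utils-1.0.9-42.el5.x86_64", "nfs-utils-1.0.10-1.el5"):
        print(pkg, "AFFECTED" if is_affected(pkg) else "ok")
```

Hosts that report an affected build and rely on "/etc/hosts.allow" or "/etc/hosts.deny" to restrict NFS access are the ones to prioritise for the update.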
