
Scientific Linux: CVE-2012-3417 Low Severity: Quota Remote Access Issue

Low: quota security and bug fix update
Date: Wed, 16 Jan 2013 16:10:14 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Low: quota on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: quota security and bug fix update
Issue Date: 2013-01-08
CVE Numbers: CVE-2012-3417
--

It was discovered that the rpc.rquotad service did not use tcp_wrappers
correctly. Certain hosts access rules defined in "/etc/hosts.allow" and
"/etc/hosts.deny" may not have been honored, possibly allowing remote
attackers to bypass intended access restrictions. (CVE-2012-3417)

This update also fixes the following bugs:

* Prior to this update, values were not properly transported via the remote
procedure call (RPC) and interpreted by the client when querying the quota
usage or limits for network-mounted file systems if the quota values were
2^32 kilobytes or greater. As a consequence, the client reported mangled
values. This update modifies the underlying code so that such values are
correctly interpreted by the client.

* Prior to this update, warnquota sent messages about exceeded quota limits
from a valid domain name if the warnquota tool was enabled to send warning
e-mails and the superuser did not change the default warnquota configuration.
As a consequence, the recipient could reply to invalid addresses. This update
modifies the default warnquota configuration to use the reserved
.
domain. Now, warnings about exceeded quota limits are sent from the reserved
domain that inform the superuser to change to the correct value.

* Previously, quota utilities could not recognize the file system as having
quotas enabled and refused to operate on it due to incorrect updating of
/etc/mtab. This update prefers /proc/mounts to get a list of file systems
with enabled quotas. Now, quota utilities recognize file systems with enabled
quotas as expected.

* Prior to this update, the setquota(8) tool on XFS file systems failed to
set disk limits to values greater than 2^31 kilobytes. This update modifies
the integer conversion in the setquota(8) tool to use a 64-bit variable big
enough to store such values.
--

SL5
 x86_64
 quota-3.13-8.el5.x86_64.rpm
 quota-debuginfo-3.13-8.el5.x86_64.rpm
 i386
 quota-3.13-8.el5.i386.rpm
 quota-debuginfo-3.13-8.el5.i386.rpm

- Scientific Linux Development Team
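
To review which access rules were at stake in the rpc.rquotad tcp_wrappers issue (CVE-2012-3417) described above, the following added example, which is not part of the Scientific Linux advisory or the quota package, lists the hosts.allow/hosts.deny rules whose daemon list covers rquotad. The daemon names `rquotad` and `rpc.rquotad`, the sample file contents, and the handling of only a single non-nested `EXCEPT` are assumptions.

```python
import re

# Names rquotad may register under with tcp_wrappers (assumed; confirm locally).
RQUOTAD_NAMES = {"rquotad", "rpc.rquotad"}
# Constructed sample files, not taken from any real host.
HOSTS_ALLOW = """\
# NFS quota clients
sshd : 192.0.2.0/255.255.255.0
rquotad, mountd : \\
    .nfs.example.org
"""
HOSTS_DENY = """\
ALL EXCEPT sshd : ALL
ALL EXCEPT rquotad : 198.51.100.
"""

def logical_lines(text):
    """Yield (line_no, rule): join backslash-newline, then drop blank and '#' lines."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        rule, line_no = " ".join((buf + raw).split()), start
        buf, start = "", 0
        if rule and not rule.startswith("#"):
            yield line_no, rule

def applies_to_rquotad(daemon_list):
    """True if the daemon list (text left of the first ':') covers rquotad."""
    tokens = [t.split("@")[0] for t in re.split(r"[,\s]+", daemon_list) if t]
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    include, exclude = set(tokens[:cut]), set(tokens[cut + 1:])  # one EXCEPT only
    return bool(include & (RQUOTAD_NAMES | {"ALL"})) and not exclude & RQUOTAD_NAMES

def rquotad_rules(text):
    """Return [(line_no, rule)] for every rule that is meant to govern rquotad."""
    hits = []
    for line_no, rule in logical_lines(text):
        daemons, sep, _clients = rule.partition(":")
        if sep and applies_to_rquotad(daemons):
            hits.append((line_no, rule))
    return hits

if __name__ == "__main__":
    for name, text in (("hosts.allow", HOSTS_ALLOW), ("hosts.deny", HOSTS_DENY)):
        for line_no, rule in rquotad_rules(text):
            print(f"{name}:{line_no}: {rule}")
```

Pass the contents of the real /etc/hosts.allow and /etc/hosts.deny to `rquotad_rules` to get the rules worth re-testing once the updated quota packages listed above are installed.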