Low: quota security and bug fix update.

Date: Wed, 16 Jan 2013 16:10:14 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Low: quota on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: quota security and bug fix update
Issue Date: 2013-01-08
CVE Numbers: CVE-2012-3417
--
It was discovered that the rpc.rquotad service did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. (CVE-2012-3417)

This update also fixes the following bugs:

* Prior to this update, values were not properly transported via the remote procedure call (RPC) and interpreted by the client when querying the quota usage or limits for network-mounted file systems if the quota values were 2^32 kilobytes or greater. As a consequence, the client reported mangled values. This update modifies the underlying code so that such values are correctly interpreted by the client.

* Prior to this update, warnquota sent messages about exceeded quota limits from a valid domain name if the warnquota tool was enabled to send warning e-mails and the superuser did not change the default warnquota configuration. As a consequence, the recipient could reply to invalid addresses. This update modifies the default warnquota configuration to use the reserved . domain. Now, warnings about exceeded quota limits are sent from the reserved domain that inform the superuser to change to the correct value.

* Previously, quota utilities could not recognize the file system as having quotas enabled and refused to operate on it due to incorrect updating of /etc/mtab. This update prefers /proc/mounts to get a list of file systems with enabled quotas. Now, quota utilities recognize file systems with enabled quotas as expected.

* Prior to this update, the setquota(8) tool on XFS file systems failed to set disk limits to values greater than 2^31 kilobytes. This update modifies the integer conversion in the setquota(8) tool to use a 64-bit variable big enough to store such values.
--
SL5
  x86_64
    quota-3.13-8.el5.x86_64.rpm
    quota-debuginfo-3.13-8.el5.x86_64.rpm
  i386
    quota-3.13-8.el5.i386.rpm
    quota-debuginfo-3.13-8.el5.i386.rpm

- Scientific Linux Development Team