CVE-2008-4552
EPSS 1.4%
Description
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.
How to fix CVE-2008-4552
To remediate CVE-2008-4552, upgrade the affected package to a fixed version below.
- Debian/nfs-utils—upgrade to 1:1.1.3-1 or later
Is CVE-2008-4552 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.1.3-1