The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_diskquota | Jan_kara | * | 3.16 (including) |
| Linux_diskquota | Jan_kara | 2.0 (including) | 2.0 (including) |
| Linux_diskquota | Jan_kara | 3.01 (including) | 3.01 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre2 (including) | 3.01-pre2 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre3 (including) | 3.01-pre3 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre4 (including) | 3.01-pre4 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre5 (including) | 3.01-pre5 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre6 (including) | 3.01-pre6 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre7 (including) | 3.01-pre7 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre8 (including) | 3.01-pre8 (including) |
| Linux_diskquota | Jan_kara | 3.01-pre9 (including) | 3.01-pre9 (including) |
| Linux_diskquota | Jan_kara | 3.02 (including) | 3.02 (including) |
| Linux_diskquota | Jan_kara | 3.03 (including) | 3.03 (including) |
| Linux_diskquota | Jan_kara | 3.04 (including) | 3.04 (including) |
| Linux_diskquota | Jan_kara | 3.05 (including) | 3.05 (including) |
| Linux_diskquota | Jan_kara | 3.06 (including) | 3.06 (including) |
| Linux_diskquota | Jan_kara | 3.07 (including) | 3.07 (including) |
| Linux_diskquota | Jan_kara | 3.08 (including) | 3.08 (including) |
| Linux_diskquota | Jan_kara | 3.09 (including) | 3.09 (including) |
| Linux_diskquota | Jan_kara | 3.10 (including) | 3.10 (including) |
| Linux_diskquota | Jan_kara | 3.11 (including) | 3.11 (including) |
| Linux_diskquota | Jan_kara | 3.12 (including) | 3.12 (including) |
| Linux_diskquota | Jan_kara | 3.13 (including) | 3.13 (including) |
| Linux_diskquota | Jan_kara | 3.14 (including) | 3.14 (including) |
| Linux_diskquota | Jan_kara | 3.15 (including) | 3.15 (including) |
| Red Hat Enterprise Linux 5 | RedHat | quota-1:3.13-8.el5 | * |
| Quota | Ubuntu | hardy | * |
| Quota | Ubuntu | lucid | * |
| Quota | Ubuntu | upstream | * |
References
- http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705
- http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387
- http://rhn.redhat.com/errata/RHSA-2013-0120.html
- http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136
- http://www.openwall.com/lists/oss-security/2012/07/19/2
- http://www.openwall.com/lists/oss-security/2012/07/19/5
- https://bugzilla.redhat.com/show_bug.cgi?id=566717
- https://hermes.opensuse.org/messages/15509723
- http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705
- http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota%3Ba=commitdiff%3Bh=0abbfe92536fa5854eb65572de0cf131f80e2387
- http://rhn.redhat.com/errata/RHSA-2013-0120.html
- http://sourceforge.net/tracker/?func=detail\u0026aid=2743481\u0026group_id=18136\u0026atid=118136
- http://www.openwall.com/lists/oss-security/2012/07/19/2
- http://www.openwall.com/lists/oss-security/2012/07/19/5
- https://bugzilla.redhat.com/show_bug.cgi?id=566717
- https://hermes.opensuse.org/messages/15509723