The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jan_kara | linux_diskquota | 3.05 |
| jan_kara | linux_diskquota | 3.08 |
| jan_kara | linux_diskquota | 3.04 |
| jan_kara | linux_diskquota | 3.11 |
| jan_kara | linux_diskquota | 3.13 |
| jan_kara | linux_diskquota | 3.14 |
| jan_kara | linux_diskquota | 3.15 |
| jan_kara | linux_diskquota | 2.0 |
| jan_kara | linux_diskquota | 3.01 |
| jan_kara | linux_diskquota | 3.03 |
| jan_kara | linux_diskquota | 3.07 |
| jan_kara | linux_diskquota | 3.10 |
| jan_kara | linux_diskquota | 3.06 |
| jan_kara | linux_diskquota | * |
| jan_kara | linux_diskquota | 3.09 |
| jan_kara | linux_diskquota | 3.02 |
| jan_kara | linux_diskquota | 3.12 |