ID CVE-2007-4135
Summary The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.
References
Vulnerable Configurations
  • cpe:2.3:a:nfsv4:nfsidmap:*:*:*:*:*:*:*:*
    cpe:2.3:a:nfsv4:nfsidmap:*:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:22:52.738-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.
family unix
id oval:org.mitre.oval:def:9864
status accepted
submitted 2010-07-09T03:56:16-04:00
title The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.
version 18
redhat via4
advisories
bugzilla
id 254040
title CVE-2007-4135 nfs-utils-lib NFSv4 user id mapping flaw
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment nfs-utils-lib is earlier than 0:1.0.8-7.2.z2
        oval oval:com.redhat.rhsa:tst:20070951002
      • comment nfs-utils-lib is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070951003
    • AND
      • comment nfs-utils-lib-devel is earlier than 0:1.0.8-7.2.z2
        oval oval:com.redhat.rhsa:tst:20070951004
      • comment nfs-utils-lib-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070951005
rhsa
id RHSA-2007:0951
released 2007-10-02
severity Important
title RHSA-2007:0951: nfs-utils-lib security update (Important)
rpms
  • nfs-utils-lib-0:1.0.8-7.2.z2
  • nfs-utils-lib-devel-0:1.0.8-7.2.z2
refmap via4
bid 26767
mandriva MDKSA-2007:240
osvdb 45825
secunia
  • 26674
  • 27043
suse SUSE-SR:2007:018
xf nfsv4-idmapper-uid-unspecified(36396)
Last major update 29-09-2017 - 01:29
Published 05-09-2007 - 01:17
Back to Top