Lucene search

RedhatCVE-2007-4135

HistorySep 05, 2007 - 1:17 a.m.

CVE-2007-4135

2007-09-0501:17:00

redhat

web.nvd.nist.gov

cve-2007-4135

nfsv4

id mapper

nfsidmap

security vulnerability

getpwnam_r

username lookup

file ownership

nvd

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

30.4%

JSON

The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by “root” instead of “nobody” if the file exists on the server but not on the client.

Affected configurations

Nvd

Node

nfsv4nfsidmapRange≤0.16.22

VendorProductVersionCPE
nfsv4nfsidmapcpe:/a:nfsv4:nfsidmap::::

Vendor	Product	Version	CPE
nfsv4	nfsidmap		cpe:/a:nfsv4:nfsidmap::::

References

osvdb.org/45825

secunia.com/advisories/26674

secunia.com/advisories/27043

www.mandriva.com/security/advisories?name=MDKSA-2007:240

www.novell.com/linux/security/advisories/2007_18_sr.html

www.redhat.com/support/errata/RHSA-2007-0951.html

www.securityfocus.com/bid/26767

exchange.xforce.ibmcloud.com/vulnerabilities/36396

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

30.4%

JSON

Related for CVE-2007-4135