Lucene search

K

[email protected]NVD:CVE-2007-4135

HistorySep 05, 2007 - 1:17 a.m.

CVE-2007-4135

2007-09-0501:17:00

[email protected]

web.nvd.nist.gov

4

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

30.4%

The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by “root” instead of “nobody” if the file exists on the server but not on the client.

Affected configurations

Nvd

Node

nfsv4nfsidmapRange≤0.16.22

References

osvdb.org/45825

secunia.com/advisories/26674

secunia.com/advisories/27043

www.mandriva.com/security/advisories?name=MDKSA-2007:240

www.novell.com/linux/security/advisories/2007_18_sr.html

www.redhat.com/support/errata/RHSA-2007-0951.html

www.securityfocus.com/bid/26767

exchange.xforce.ibmcloud.com/vulnerabilities/36396

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

30.4%

Related for NVD:CVE-2007-4135

cvelist1 prion1 nessus5 openvas2 debiancve1 ubuntucve1 securityvulns2 cve1 oraclelinux1 centos1 redhat1