Lucene search
Ubuntu.comUB:CVE-2007-4135HistorySep 05, 2007 - 12:00 a.m.
CVE-2007-4135
2007-09-0500:00:00
ubuntu.com
ubuntu.com
15
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
30.4%
The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return
values from the getpwnam_r function when performing a username lookup,
which can cause it to report a file as being owned by “root” instead of
“nobody” if the file exists on the server but not on the client.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | fix in RHSA-2007:0951-01 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 7.04 | noarch | libnfsidmap | < 0.18-0build1 | UNKNOWN |
| ubuntu | 7.10 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
| ubuntu | 8.04 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
| ubuntu | 8.10 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
| ubuntu | 9.04 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
| ubuntu | 9.10 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
| ubuntu | 10.04 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
| ubuntu | 10.10 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
| ubuntu | 11.04 | noarch | libnfsidmap | < 0.19-0 | UNKNOWN |
Related
cvelist
cvelist
CVE-2007-4135
2007-09-05 01:00:00
openvas
openvas
Mandriva Update for libnfsidmap MDKSA-2007:240 (libnfsidmap)
2009-04-09 00:00:00
Mandriva Update for libnfsidmap MDKSA-2007:240 (libnfsidmap)
2009-04-09 00:00:00
debiancve
debiancve
CVE-2007-4135
2007-09-05 01:17:00
securityvulns
securityvulns
libnfsidmap / NFS privilege escalation
2007-12-12 00:00:00
[ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw
2007-12-12 00:00:00
nvd
nvd
CVE-2007-4135
2007-09-05 01:17:00
cve
cve
CVE-2007-4135
2007-09-05 01:17:00
prion
prion
Code injection
2007-09-05 01:17:00
nessus
nessus
Mandrake Linux Security Advisory : libnfsidmap (MDKSA-2007:240)
2007-12-11 00:00:00
RHEL 5 : nfs-utils-lib (RHSA-2007:0951)
2007-10-03 00:00:00
CentOS 5 : nfs-utils-lib (CESA-2007:0951)
2010-01-06 00:00:00
oraclelinux
oraclelinux
Important: nfs-utils-lib security update
2007-10-02 00:00:00
centos
centos
nfs security update
2007-10-03 06:03:16
redhat
redhat
(RHSA-2007:0951) Important: nfs-utils-lib security update
2007-10-02 00:00:00
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
30.4%
Related for UB:CVE-2007-4135