CVE-2007-4135

medium

Description

The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.

References

http://osvdb.org/45825

http://secunia.com/advisories/26674

http://secunia.com/advisories/27043

http://www.mandriva.com/security/advisories?name=MDKSA-2007:240

http://www.novell.com/linux/security/advisories/2007_18_sr.html

http://www.redhat.com/support/errata/RHSA-2007-0951.html

http://www.securityfocus.com/bid/26767

https://exchange.xforce.ibmcloud.com/vulnerabilities/36396

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864

Details

Source: MITRE

Published: 2007-09-05

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 6.2

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 1.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:nfsv4:nfsidmap:*:*:*:*:*:*:*:* versions up to 0.16.22 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
67582 | Oracle Linux 5 : nfs-utils-lib (ELSA-2007-0951) | Nessus | Oracle Linux Local Security Checks | critical
60260 | Scientific Linux Security Update : nfs-utils-lib on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
43655 | CentOS 5 : nfs-utils-lib (CESA-2007:0951) | Nessus | CentOS Local Security Checks | critical
29298 | Mandrake Linux Security Advisory : libnfsidmap (MDKSA-2007:240) | Nessus | Mandriva Local Security Checks | medium
26907 | RHEL 5 : nfs-utils-lib (RHSA-2007:0951) | Nessus | Red Hat Local Security Checks | critical