Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4135

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2007-4135
Last Modified 18 Oct 2010 12:00:00
Published 04 Sep 2007 09:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2007-4135

Summary

The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.

Vulnerable Systems

Application

  • Nfsv4 Nfsidmap 0.16.22


References

SECUNIA - 26674

XF - nfsv4-idmapper-uid-unspecified(36396)

BID - 26767

REDHAT - RHSA-2007:0951

SUSE - SUSE-SR:2007:018

MANDRIVA - MDKSA-2007:240

SECUNIA - 27043

OSVDB - 45825


Last Updated: 27 May 2016 10:45:46