CVE-2007-4135 - Vulnerability Details - OpenCVE

The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00077.

Key SSVC decision points have not yet been added.

Vendors	Products
Nfsv4	Nfsidmap
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:nfsv4:nfsidmap:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
nfs-utils-lib-0:1.0.8-7.2.z2	cpe:/o:redhat:enterprise_linux:5	RHSA-2007:0951	2007-10-02T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/45825
http://secunia.com/advisories/26674
http://secunia.com/advisories/27043
http://www.mandriva.com/security/advisories?name=MDKSA-2007:240
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0951.html
http://www.securityfocus.com/bid/26767
https://exchange.xforce.ibmcloud.com/vulnerabilities/36396
https://nvd.nist.gov/vuln/detail/CVE-2007-4135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864
https://www.cve.org/CVERecord?id=CVE-2007-4135

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-09-05T01:00:00

Updated: 2024-08-07T14:46:38.571Z

Reserved: 2007-08-02T00:00:00

Link: CVE-2007-4135

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-09-05T01:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4135

Redhat

Severity : Moderate

Publid Date: 2007-08-31T00:00:00Z

Links: CVE-2007-4135 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by \"root\" instead of \"nobody\" if the file exists on the server but not on the client."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "27043", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27043"}, {"name": "oval:org.mitre.oval:def:9864", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}, {"name": "RHSA-2007:0951", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"name": "SUSE-SR:2007:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "26767", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26767"}, {"name": "MDKSA-2007:240", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"name": "45825", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45825"}, {"name": "26674", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26674"}, {"name": "nfsv4-idmapper-uid-unspecified(36396)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:38.571Z"}, "title": "CVE Program Container", "references": [{"name": "27043", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27043"}, {"name": "oval:org.mitre.oval:def:9864", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}, {"name": "RHSA-2007:0951", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"name": "SUSE-SR:2007:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "26767", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26767"}, {"name": "MDKSA-2007:240", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"name": "45825", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/45825"}, {"name": "26674", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26674"}, {"name": "nfsv4-idmapper-uid-unspecified(36396)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4135", "datePublished": "2007-09-05T01:00:00", "dateReserved": "2007-08-02T00:00:00", "dateUpdated": "2024-08-07T14:46:38.571Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nfsv4:nfsidmap:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2B304CA-FA48-4532-9093-97A1C215C955", "versionEndIncluding": "0.16.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by \"root\" instead of \"nobody\" if the file exists on the server but not on the client."}, {"lang": "es", "value": "El mapeador de ID NFSv4 (nfsidmap) versiones anteriores a 0.17 no maneja apropiadamente los valores de retorno de la funci\u00f3n getpwnam_r cuando realiza una b\u00fasqueda de nombre de usuario, lo que puede causar que reporte que un archivo es propiedad de \"root\" en lugar de \"nobody\" si el archivo existe en el servidor pero no en el cliente."}], "id": "CVE-2007-4135", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-05T01:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/45825"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26674"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27043"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26767"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}