First published: Tue Oct 02 2007
The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package.

The updated nfs-utils package fixes the following vulnerabilities:

Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4 unknown uids. If an unknown user ID is encountered on an NFSv4 mounted filesystem, the files will default to being owned by 'root' rather than 'nobody'. (CVE-2007-4135)

Users of nfs-utils-lib are advised to upgrade to this updated package, which contains backported patches to resolve these issues.
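
The CVE-2007-4135 behaviour comes down to what an ID mapper returns when a lookup fails. The C example below is added for illustration: it is not code from nfs-utils-lib or from the advisory and does not claim to reproduce the actual defect. The account table, the function names and the value 65534 for the 'nobody' uid are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Assumption: 65534 is the local "nobody" uid, as on many Linux systems. */
#define NOBODY_UID ((uid_t)65534)

/* Constructed account table standing in for the local user database. */
struct account { const char *name; uid_t uid; };
static const struct account accounts[] = {
    { "root@example.test",  0 },
    { "alice@example.test", 1000 },
};

/* Returns 0 and sets *uid on success, -1 if the owner string is unknown. */
static int lookup_owner(const char *owner, uid_t *uid)
{
    if (owner == NULL)
        return -1;
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++) {
        if (strcmp(accounts[i].name, owner) == 0) {
            *uid = accounts[i].uid;
            return 0;
        }
    }
    return -1;
}

/* Fail-open: the result starts at 0 and the lookup status is ignored,
 * so an unknown owner is reported as uid 0 (root). */
uid_t map_owner_fail_open(const char *owner)
{
    uid_t uid = 0;
    (void)lookup_owner(owner, &uid);
    return uid;
}

/* Fail-safe: any lookup failure maps to the unprivileged id. */
uid_t map_owner_fail_safe(const char *owner)
{
    uid_t uid;
    return lookup_owner(owner, &uid) == 0 ? uid : NOBODY_UID;
}

int main(void)
{
    const char *owner = "unknown@other.test"; /* constructed, not in table */
    printf("fail-open: %lu, fail-safe: %lu\n",
           (unsigned long)map_owner_fail_open(owner),
           (unsigned long)map_owner_fail_safe(owner));
    return 0;
}
```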