
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0951

The remote host is missing updates announced in
advisory RHSA-2007:0951.

The nfs-utils-lib package contains support libraries that are needed by the
commands and daemons of the nfs-utils package.

The updated nfs-utils package fixes the following vulnerabilities:

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 5 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4
unknown uids. If an unknown user ID is encountered on an NFSv4 mounted
filesystem, the files will default to being owned by 'root' rather than
'nobody'. (CVE-2007-4135)

Users of nfs-utils-lib are advised to upgrade to this updated package,
which contains backported patches to resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3999
BugTraq ID: 25534
BugTraq ID: 26444
Bugtraq: 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
Bugtraq: 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability
CERT/CC Advisory: TA07-319A
CERT/CC vulnerability note: VU#883632
Debian Security Information: DSA-1367
Debian Security Information: DSA-1368
SuSE Security Announcement: SUSE-SR:2007:019
SuSE Security Announcement: SUSE-SR:2007:024
XForce ISS Database: kerberos-rpcsecgss-bo(36437)
Common Vulnerability Exposure (CVE) ID: CVE-2007-4135
BugTraq ID: 26767
SuSE Security Announcement: SUSE-SR:2007:018
XForce ISS Database: nfsv4-idmapper-uid-unspecified(36396)
Copyright: Copyright (c) 2007 E-Soft Inc.
