Test ID:	1.3.6.1.4.1.25623.1.0.58954
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0951
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0951. The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package. The updated nfs-utils package fixes the following vulnerabilities: Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999) Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4 unknown uids. If an unknown user ID is encountered on an NFSv4 mounted filesystem, the files will default to being owned by 'root' rather than 'nobody'. (CVE-2007-4135) Users of nfs-utils-lib are advised to upgrade to this updated package, which contains backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0951.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3999 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 25534 http://www.securityfocus.com/bid/25534 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20070906 rPSA-2007-0179-1 krb5 krb5-server krb5-services krb5-test krb5-workstation (Google Search) http://www.securityfocus.com/archive/1/478748/100/0/threaded Bugtraq: 20070912 ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/479251/100/0/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html CERT/CC vulnerability note: VU#883632 http://www.kb.cert.org/vuls/id/883632 Debian Security Information: DSA-1367 (Google Search) http://www.debian.org/security/2007/dsa-1367 Debian Security Information: DSA-1368 (Google Search) http://www.debian.org/security/2007/dsa-1368 https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00087.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00173.html http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://security.gentoo.org/glsa/glsa-200710-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 http://www.mandriva.com/security/advisories?name=MDKSA-2007:181 http://www.zerodayinitiative.com/advisories/ZDI-07-052.html https://bugzilla.redhat.com/show_bug.cgi?id=250973 http://lists.rpath.com/pipermail/security-announce/2007-September/000237.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3162 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9379 http://www.redhat.com/support/errata/RHSA-2007-0858.html http://www.redhat.com/support/errata/RHSA-2007-0913.html http://www.redhat.com/support/errata/RHSA-2007-0951.html http://www.securitytracker.com/id?1018647 http://secunia.com/advisories/26676 http://secunia.com/advisories/26680 http://secunia.com/advisories/26684 http://secunia.com/advisories/26691 http://secunia.com/advisories/26697 http://secunia.com/advisories/26699 http://secunia.com/advisories/26700 http://secunia.com/advisories/26705 http://secunia.com/advisories/26713 http://secunia.com/advisories/26728 http://secunia.com/advisories/26783 http://secunia.com/advisories/26792 http://secunia.com/advisories/26822 http://secunia.com/advisories/26896 http://secunia.com/advisories/26987 http://secunia.com/advisories/27043 http://secunia.com/advisories/27081 http://secunia.com/advisories/27146 http://secunia.com/advisories/27643 http://secunia.com/advisories/27756 http://secunia.com/advisories/29247 http://secunia.com/advisories/29270 http://securityreason.com/securityalert/3092 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103060-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201319-1 SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) http://www.novell.com/linux/security/advisories/2007_19_sr.html SuSE Security Announcement: SUSE-SR:2007:024 (Google Search) http://www.novell.com/linux/security/advisories/2007_24_sr.html http://www.trustix.org/errata/2007/0026/ http://www.ubuntu.com/usn/usn-511-1 http://www.vupen.com/english/advisories/2007/3051 http://www.vupen.com/english/advisories/2007/3052 http://www.vupen.com/english/advisories/2007/3060 http://www.vupen.com/english/advisories/2007/3868 http://www.vupen.com/english/advisories/2008/0803/references XForce ISS Database: kerberos-rpcsecgss-bo(36437) https://exchange.xforce.ibmcloud.com/vulnerabilities/36437 Common Vulnerability Exposure (CVE) ID: CVE-2007-4135 26674 http://secunia.com/advisories/26674 26767 http://www.securityfocus.com/bid/26767 27043 45825 http://osvdb.org/45825 MDKSA-2007:240 http://www.mandriva.com/security/advisories?name=MDKSA-2007:240 RHSA-2007:0951 SUSE-SR:2007:018 http://www.novell.com/linux/security/advisories/2007_18_sr.html nfsv4-idmapper-uid-unspecified(36396) https://exchange.xforce.ibmcloud.com/vulnerabilities/36396 oval:org.mitre.oval:def:9864 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.