漏洞信息详情
NFSv4 ID Mapper nfsidmap Username Lookup 本地特权提升漏洞
- CNNVD编号:CNNVD-200709-011
- 危害等级: 中危
- CVE编号: CVE-2007-4135
- 漏洞类型: 访问验证错误
- 发布时间: 2007-09-04
- 威胁类型: 本地
- 更新时间: 2007-09-06
- 厂 商: nfsv4
- 漏洞来源: Tony Ernst from SG...
漏洞简介
SUSE Linux Enterprise 10版本上的NFSv4 ID mapper (nfsidmap)存在未明漏洞。该漏洞未明攻击向量和影响,且涉及NFSv4 name lookups的uid翻译的名称。The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by \"root\" instead of \"nobody\" if the file exists on the server but not on the client.
漏洞公告
参考网址
来源: SECUNIA
名称: 26674
链接:http://secunia.com/advisories/26674
来源: XF
名称: nfsv4-idmapper-uid-unspecified(36396)
链接:http://xforce.iss.net/xforce/xfdb/36396
来源: BID
名称: 26767
链接:http://www.securityfocus.com/bid/26767
来源: REDHAT
名称: RHSA-2007:0951
链接:http://www.redhat.com/support/errata/RHSA-2007-0951.HTML
来源: SUSE
名称: SUSE-SR:2007:018
链接:http://www.novell.com/linux/security/advisories/2007_18_sr.HTML
来源: MANDRIVA
名称: MDKSA-2007:240
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:240
来源: SECUNIA
名称: 27043
链接:http://secunia.com/advisories/27043
来源: OSVDB
名称: 45825
链接:http://osvdb.org/45825
受影响实体
- Nfsv4 Nfsidmap:0.16.22
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论