{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-31T00:00:00", "descriptions": [{"lang": "en", "value": "The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by \"root\" instead of \"nobody\" if the file exists on the server but not on the client."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "27043", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27043"}, {"name": "oval:org.mitre.oval:def:9864", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}, {"name": "RHSA-2007:0951", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"name": "SUSE-SR:2007:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "26767", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26767"}, {"name": "MDKSA-2007:240", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"name": "45825", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45825"}, {"name": "26674", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26674"}, {"name": "nfsv4-idmapper-uid-unspecified(36396)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:38.571Z"}, "title": "CVE Program Container", "references": [{"name": "27043", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27043"}, {"name": "oval:org.mitre.oval:def:9864", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}, {"name": "RHSA-2007:0951", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"name": "SUSE-SR:2007:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"name": "26767", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26767"}, {"name": "MDKSA-2007:240", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"name": "45825", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/45825"}, {"name": "26674", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26674"}, {"name": "nfsv4-idmapper-uid-unspecified(36396)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4135", "datePublished": "2007-09-05T01:00:00", "dateReserved": "2007-08-02T00:00:00", "dateUpdated": "2024-08-07T14:46:38.571Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nfsv4:nfsidmap:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2B304CA-FA48-4532-9093-97A1C215C955", "versionEndIncluding": "0.16.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by \"root\" instead of \"nobody\" if the file exists on the server but not on the client."}, {"lang": "es", "value": "El mapeador de ID NFSv4 (nfsidmap) versiones anteriores a 0.17 no maneja apropiadamente los valores de retorno de la funci\u00f3n getpwnam_r cuando realiza una b\u00fasqueda de nombre de usuario, lo que puede causar que reporte que un archivo es propiedad de \"root\" en lugar de \"nobody\" si el archivo existe en el servidor pero no en el cliente."}], "id": "CVE-2007-4135", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-05T01:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/45825"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26674"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27043"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26767"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45825"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0951.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9864"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0951", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nfs-utils-lib-0:1.0.8-7.2.z2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2007-10-02T00:00:00Z"}], "bugzilla": {"description": "nfs-utils-lib NFSv4 user id mapping flaw", "id": "254040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=254040"}, "csaw": false, "details": ["The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by \"root\" instead of \"nobody\" if the file exists on the server but not on the client."], "name": "CVE-2007-4135", "public_date": "2007-08-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-4135\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4135"], "threat_severity": "Moderate"}