
Scientific Linux SL5.x Security Advisory: nfs-utils-lib Buffer Overflow

Important: nfs-utils-lib security update
Date: Thu, 4 Oct 2007 10:49:43 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA for nfs-utils-lib on SL5.x i386/x86_64
Comments: To: scientific 

Synopsis: Important: nfs-utils-lib security update
CVE Names: CVE-2007-3999
 	CVE-2007-4135

Details:

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 5 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4
unknown uids. If an unknown user ID is encountered on an NFSv4 mounted
filesystem, the files will default to being owned by 'root' rather than
'nobody'. (CVE-2007-4135)

SL5.x

SRPMS:
 	nfs-utils-lib-1.0.8-7.2.z2.src.rpm

i386:
 	nfs-utils-lib-1.0.8-7.2.z2.i386.rpm
 	nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm

x86_64:
 	nfs-utils-lib-1.0.8-7.2.z2.i386.rpm
 	nfs-utils-lib-1.0.8-7.2.z2.x86_64.rpm
 	nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm
 	nfs-utils-lib-devel-1.0.8-7.2.z2.x86_64.rpm

-Connie Sieh
-Troy Dawson
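
A way to check hosts against the fixed build listed above, as an added example that is not part of the original advisory: it orders version-release strings the way rpm does and reports every installed nfs-utils-lib build older than 1.0.8-7.2.z2. The sample rpm output and the older release strings in it are constructed, and the packages are assumed to carry no epoch.

```python
import re

FIXED = "1.0.8-7.2.z2"  # fixed version-release listed in the advisory
PACKAGES = {"nfs-utils-lib", "nfs-utils-lib-devel"}

def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them.
    Returns -1, 0 or 1. Tilde/caret handling is omitted (not needed here)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)  # runs of digits or letters
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 10 > 2, unlike string order
        if x != y:
            return 1 if x > y else -1
    # Shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed, fixed=FIXED):
    """True if an installed VERSION-RELEASE is at or above the fixed build."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def audit(rpm_output):
    """Return (name, version-release, arch) for every installed build older
    than FIXED. Each architecture is checked separately because x86_64
    hosts carry both the i386 and x86_64 packages."""
    stale = []
    for line in rpm_output.splitlines():
        fields = line.split()
        # Skips blanks and rpm's "package ... is not installed" messages.
        if len(fields) == 3 and fields[0] in PACKAGES:
            name, vr, arch = fields
            if not is_fixed(vr):
                stale.append((name, vr, arch))
    return stale

# Constructed sample of:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' nfs-utils-lib nfs-utils-lib-devel
SAMPLE = """\
nfs-utils-lib 1.0.8-7.2.z2 x86_64
nfs-utils-lib 1.0.8-7.2 i386
nfs-utils-lib-devel 1.0.8-7.2.z1 x86_64
"""

if __name__ == "__main__":
    for name, vr, arch in audit(SAMPLE):
        print(f"{name}.{arch} {vr} is older than {FIXED}")
```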