[libnfsidmap] [CVE-2007-4135] translation flaw in name lookups
Bug #175317 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libnfsidmap (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
References:
[1] CVE-2007-4135 (http://
[2] MDKSA-2007:240 (http://
Quoting [1]:
"The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client."
CVE References
Changed in libnfsidmap: | |
importance: | Undecided → Low |
status: | New → Confirmed |
Changed in libnfsidmap (Ubuntu Dapper): | |
status: | New → Confirmed |
Changed in libnfsidmap (Ubuntu): | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
Thank you for reporting this bug to Ubuntu. dapper has reached EOL /wiki.ubuntu. com/Releases for currently supported Ubuntu
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https:/
releases.
Please feel free to report any other bugs you may find.