[libnfsidmap] [CVE-2007-4135] translation flaw in name lookups
Bug #175317 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libnfsidmap (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
| Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
References:
[1] CVE-2007-4135 (http://
[2] MDKSA-2007:240 (http://
Quoting [1]:
"The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client."
CVE References
| Changed in libnfsidmap: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| Changed in libnfsidmap (Ubuntu Dapper): | |
| status: | New → Confirmed |
| Changed in libnfsidmap (Ubuntu): | |
| status: | Confirmed → Fix Released |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in libnfsidmap (Ubuntu Dapper): | |
| status: | Confirmed → Won't Fix |
To post a comment you must log in.
Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https:/
releases.
Please feel free to report any other bugs you may find.