Mandriva Update For Libnfsidmap MDKSA-2007:240 (libnfsidmap) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The NFSv4 ID mapper prior to 0.17 did not properly handle return values from the getpwnam_r() function when performing a username lookup, which could cause it to report a file as being owned by 'root' instead of 'nobody' if the file exists on the server but not the client. The updated packages have been patched to correct these issues.

Affected

libnfsidmap on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64

Severity

Classification

CVE CVE-2007-4135

CVSS	Base Score: 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
Mandrake Security Advisory MDVSA-2009:170 (initscripts)
Mandrake Security Advisory MDVSA-2009:167 (php)
Mandrake Security Advisory MDVSA-2009:032 (kernel)

Mandriva Update for libnfsidmap MDKSA-2007:240 (libnfsidmap)

Take action and discover your vulnerabilities