Bug 254040 (CVE-2007-4135)

Summary: CVE-2007-4135 nfs-utils-lib NFSv4 user id mapping flaw
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: kreilly
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-22 22:19:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 254041, 254042    
Bug Blocks:    
Attachments:
Description Flags
Proposed patch none

Description Josh Bressers 2007-08-23 19:15:43 UTC 
Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4 unknown
uids.  If an unknown user ID is encountered on an NFSv4 mounted filesystem, the
files will default to being owned by root rather than nobody.  This could
potentially be used to elevate a users privileges.  This is fixed in nfsidmap
version 0.17.
Comment 2 Josh Bressers 2007-08-23 19:34:20 UTC 
Created attachment 172372 [details]
Proposed patch
Comment 3 Tomas Hoger 2007-09-05 15:33:26 UTC 
Issue is public now, removing embargo.
Comment 6 Vincent Danen 2010-12-22 22:19:59 UTC 
This was addressed via:

Red Hat Enterprise Linux version 5 (RHSA-2007:09510