Operating System:

[LINUX][RedHat]

Published:

03 October 2007

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ESB-2007.0711 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2007.0711 -- [Linux][RedHat]
                 Important: nfs-utils-lib security update
                              3 October 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              nfs-utils-lib
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux 5
                      Red Hat Enterprise Linux 4
                      Linux variants
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-4135  CVE-2007-3999

Ref:                  AL-2007.0107

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0951.html
                      https://rhn.redhat.com/errata/RHSA-2007-0913.html

Revision History:    October 3 2007: This update is now available for the 
                                     Red Hat Linux 5 family of operating 
                                     systems, which also corrects 
                                     CVE-2007-4135.
                  September 20 2007: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: nfs-utils-lib security update
Advisory ID:       RHSA-2007:0951-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0951.html
Issue date:        2007-10-02
Updated on:        2007-10-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3999 CVE-2007-4135 
- - ---------------------------------------------------------------------

1. Summary:

An updated nfs-utils-lib package to correct two security flaws is now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The nfs-utils-lib package contains support libraries that are needed by the
commands and daemons of the nfs-utils package.

The updated nfs-utils package fixes the following vulnerabilities:

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 5 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4
unknown uids.  If an unknown user ID is encountered on an NFSv4 mounted
filesystem, the files will default to being owned by 'root' rather than
'nobody'. (CVE-2007-4135)

Users of nfs-utils-lib are advised to upgrade to this updated package,
which contains backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

250973 - CVE-2007-3999 krb5 RPC library buffer overflow
254040 - CVE-2007-4135 nfs-utils-lib NFSv4 user id mapping flaw

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nfs-utils-lib-1.0.8-7.2.z2.src.rpm
80a7bf1fdfb74b567f0b98882b5de084  nfs-utils-lib-1.0.8-7.2.z2.src.rpm

i386:
4a7766d840a3b84ba568a283a3acf1d3  nfs-utils-lib-1.0.8-7.2.z2.i386.rpm
77bb5a12d96fc450ad8f04fbc1abcdde  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm

x86_64:
4a7766d840a3b84ba568a283a3acf1d3  nfs-utils-lib-1.0.8-7.2.z2.i386.rpm
0319d4618fd0cfc2ae148f91cb37eb2e  nfs-utils-lib-1.0.8-7.2.z2.x86_64.rpm
77bb5a12d96fc450ad8f04fbc1abcdde  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm
69c11a02a653647939fc32be7c3c2dd2  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nfs-utils-lib-1.0.8-7.2.z2.src.rpm
80a7bf1fdfb74b567f0b98882b5de084  nfs-utils-lib-1.0.8-7.2.z2.src.rpm

i386:
77bb5a12d96fc450ad8f04fbc1abcdde  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm
c890d8f2e7e6b5fa0bb0878936f343ad  nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm

x86_64:
77bb5a12d96fc450ad8f04fbc1abcdde  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm
69c11a02a653647939fc32be7c3c2dd2  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.x86_64.rpm
c890d8f2e7e6b5fa0bb0878936f343ad  nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm
33fe924d3a325d426858b6aad70f1fe6  nfs-utils-lib-devel-1.0.8-7.2.z2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nfs-utils-lib-1.0.8-7.2.z2.src.rpm
80a7bf1fdfb74b567f0b98882b5de084  nfs-utils-lib-1.0.8-7.2.z2.src.rpm

i386:
4a7766d840a3b84ba568a283a3acf1d3  nfs-utils-lib-1.0.8-7.2.z2.i386.rpm
77bb5a12d96fc450ad8f04fbc1abcdde  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm
c890d8f2e7e6b5fa0bb0878936f343ad  nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm

ia64:
b49bcc58f42fe1a3c1fb01aa86f40749  nfs-utils-lib-1.0.8-7.2.z2.ia64.rpm
ac743b06cbf45483ec3c22ccc7e12f86  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.ia64.rpm
981f9c4878a63f59d23c1b56e88a4488  nfs-utils-lib-devel-1.0.8-7.2.z2.ia64.rpm

ppc:
f9b8f236a9cd1e0af83e75c6328034ef  nfs-utils-lib-1.0.8-7.2.z2.ppc.rpm
15f30c10412135fe3c72c3810fbff021  nfs-utils-lib-1.0.8-7.2.z2.ppc64.rpm
9912592260df40ce8844a90103269689  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.ppc.rpm
6a81a1c21d61f183a9a3d32a5a434471  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.ppc64.rpm
e9010a2a7b9051ef213535caf3720c82  nfs-utils-lib-devel-1.0.8-7.2.z2.ppc.rpm
6d0ff75429edca9126c9eb3c03a61060  nfs-utils-lib-devel-1.0.8-7.2.z2.ppc64.rpm

s390x:
45ec57215f2edd048a6fbf06bcc0fefe  nfs-utils-lib-1.0.8-7.2.z2.s390.rpm
ba87ae35fc6b3fefd91bf158d0c77d5d  nfs-utils-lib-1.0.8-7.2.z2.s390x.rpm
777e9f6e54acf0ef3eae43e53593713e  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.s390.rpm
1a9be8a4081877d406845b4f510715a3  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.s390x.rpm
f0cc242918a225377f7b05302a82d5a7  nfs-utils-lib-devel-1.0.8-7.2.z2.s390.rpm
dea17a87ca13c7859fdac6607cd489d1  nfs-utils-lib-devel-1.0.8-7.2.z2.s390x.rpm

x86_64:
4a7766d840a3b84ba568a283a3acf1d3  nfs-utils-lib-1.0.8-7.2.z2.i386.rpm
0319d4618fd0cfc2ae148f91cb37eb2e  nfs-utils-lib-1.0.8-7.2.z2.x86_64.rpm
77bb5a12d96fc450ad8f04fbc1abcdde  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm
69c11a02a653647939fc32be7c3c2dd2  nfs-utils-lib-debuginfo-1.0.8-7.2.z2.x86_64.rpm
c890d8f2e7e6b5fa0bb0878936f343ad  nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm
33fe924d3a325d426858b6aad70f1fe6  nfs-utils-lib-devel-1.0.8-7.2.z2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4135
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHArCkXlSAg2UNWIIRAiCbAKCk1Oz03SEgSYH+1w//h0J/u6kHdACfV63H
1VbIkdLN8ULLB67sRYKkMQw=
=s53k
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: nfs-utils-lib security update
Advisory ID:       RHSA-2007:0913-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0913.html
Issue date:        2007-09-19
Updated on:        2007-09-19
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3999 
- - ---------------------------------------------------------------------

1. Summary:

An updated nfs-utils-lib package to correct a security flaw is now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The nfs-utils-lib package contains support libraries that are needed by the
commands and daemons of the nfs-utils package.

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 4 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Users of nfs-utils-lib are advised to upgrade to this updated package,
which contains a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

250973 - CVE-2007-3999 krb5 RPC library buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm
6de4df5245856abfb1e27f43ec995ad4  nfs-utils-lib-1.0.6-8.z1.src.rpm

i386:
ad7d44ae0fecc5fa1f7f69d20f24d0c2  nfs-utils-lib-1.0.6-8.z1.i386.rpm
d3c267fa989d0835ef1f05f9d65c78b7  nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm
acb8da85e6780111d86eb45182d6926f  nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm

ia64:
6866d2ae4650b96f925384ecf4b6891c  nfs-utils-lib-1.0.6-8.z1.ia64.rpm
1ef19760de6815aa6ed58b455518042a  nfs-utils-lib-debuginfo-1.0.6-8.z1.ia64.rpm
65fbf40e86f97368f5679da2140e0360  nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm

ppc:
1bd2cf61e4e41a20c11c038bc6895243  nfs-utils-lib-1.0.6-8.z1.ppc.rpm
fd48271663e2641f72c175f4900a1ce2  nfs-utils-lib-debuginfo-1.0.6-8.z1.ppc.rpm
a030703d3d2731eaf4b6573130e562cf  nfs-utils-lib-devel-1.0.6-8.z1.ppc.rpm

s390:
1eaaca7f9b503f611203cc2ab946950f  nfs-utils-lib-1.0.6-8.z1.s390.rpm
fb099cca3862d0cc27018b4b3b2253f2  nfs-utils-lib-debuginfo-1.0.6-8.z1.s390.rpm
f77020fcc2aea3bb5cdeedd3977feb97  nfs-utils-lib-devel-1.0.6-8.z1.s390.rpm

s390x:
a8bab89128f0a7779e929bc6d712a28a  nfs-utils-lib-1.0.6-8.z1.s390x.rpm
3ee0e87b350127174a4f97de1c92d030  nfs-utils-lib-debuginfo-1.0.6-8.z1.s390x.rpm
dff59782eda7f14c789b55254422d3a5  nfs-utils-lib-devel-1.0.6-8.z1.s390x.rpm

x86_64:
fb0cbb12869dadcf9872375bd50012db  nfs-utils-lib-1.0.6-8.z1.x86_64.rpm
b00a1a022f8f714c25c7d5153ec20423  nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm
506a8209ed65baa42d147dc0e6503ff5  nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm
6de4df5245856abfb1e27f43ec995ad4  nfs-utils-lib-1.0.6-8.z1.src.rpm

i386:
ad7d44ae0fecc5fa1f7f69d20f24d0c2  nfs-utils-lib-1.0.6-8.z1.i386.rpm
d3c267fa989d0835ef1f05f9d65c78b7  nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm
acb8da85e6780111d86eb45182d6926f  nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm

x86_64:
fb0cbb12869dadcf9872375bd50012db  nfs-utils-lib-1.0.6-8.z1.x86_64.rpm
b00a1a022f8f714c25c7d5153ec20423  nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm
506a8209ed65baa42d147dc0e6503ff5  nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm
6de4df5245856abfb1e27f43ec995ad4  nfs-utils-lib-1.0.6-8.z1.src.rpm

i386:
ad7d44ae0fecc5fa1f7f69d20f24d0c2  nfs-utils-lib-1.0.6-8.z1.i386.rpm
d3c267fa989d0835ef1f05f9d65c78b7  nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm
acb8da85e6780111d86eb45182d6926f  nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm

ia64:
6866d2ae4650b96f925384ecf4b6891c  nfs-utils-lib-1.0.6-8.z1.ia64.rpm
1ef19760de6815aa6ed58b455518042a  nfs-utils-lib-debuginfo-1.0.6-8.z1.ia64.rpm
65fbf40e86f97368f5679da2140e0360  nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm

x86_64:
fb0cbb12869dadcf9872375bd50012db  nfs-utils-lib-1.0.6-8.z1.x86_64.rpm
b00a1a022f8f714c25c7d5153ec20423  nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm
506a8209ed65baa42d147dc0e6503ff5  nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm
6de4df5245856abfb1e27f43ec995ad4  nfs-utils-lib-1.0.6-8.z1.src.rpm

i386:
ad7d44ae0fecc5fa1f7f69d20f24d0c2  nfs-utils-lib-1.0.6-8.z1.i386.rpm
d3c267fa989d0835ef1f05f9d65c78b7  nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm
acb8da85e6780111d86eb45182d6926f  nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm

ia64:
6866d2ae4650b96f925384ecf4b6891c  nfs-utils-lib-1.0.6-8.z1.ia64.rpm
1ef19760de6815aa6ed58b455518042a  nfs-utils-lib-debuginfo-1.0.6-8.z1.ia64.rpm
65fbf40e86f97368f5679da2140e0360  nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm

x86_64:
fb0cbb12869dadcf9872375bd50012db  nfs-utils-lib-1.0.6-8.z1.x86_64.rpm
b00a1a022f8f714c25c7d5153ec20423  nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm
506a8209ed65baa42d147dc0e6503ff5  nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFG8VyNXlSAg2UNWIIRAqJtAJ9oIrCvscZWyQn8Ya0Tse/ViWm8uACfem6D
yJV7J8AqWNfMBbmHcJZWRvQ=
=1s6X
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRwLm6yh9+71yA2DNAQJCsgP/dUrIqAdMDClUMnjdohEwj5UmMcQ30lZ1
9Nsnv55wtOmR1zWvofqkaZ6Q7oxYkiZOuEjtiURgqZ9V0SRTHelWx++8uO/hfB6u
ibwRrJJ5biCuJFe5YYac6oz4EjTyu9Xj15KOCEQbPUH5NfJNiHpXJp8B/9Kfx6PK
9D1bj8KflHI=
=i+QG
-----END PGP SIGNATURE-----