===================================================================== CERT-Renater Note d'Information No. 2007/VULN376 _____________________________________________________________________ DATE : 03/10/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running nfs-utils-lib. ====================================================================== --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: nfs-utils-lib security update Advisory ID: RHSA-2007:0951-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0951.html Issue date: 2007-10-02 Updated on: 2007-10-02 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-3999 CVE-2007-4135 --------------------------------------------------------------------- 1. Summary: An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package. The updated nfs-utils package fixes the following vulnerabilities: Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash. On Red Hat Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999) Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4 unknown uids. If an unknown user ID is encountered on an NFSv4 mounted filesystem, the files will default to being owned by 'root' rather than 'nobody'. (CVE-2007-4135) Users of nfs-utils-lib are advised to upgrade to this updated package, which contains backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 250973 - CVE-2007-3999 krb5 RPC library buffer overflow 254040 - CVE-2007-4135 nfs-utils-lib NFSv4 user id mapping flaw 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nfs-utils-lib-1.0.8-7.2.z2.src.rpm 80a7bf1fdfb74b567f0b98882b5de084 nfs-utils-lib-1.0.8-7.2.z2.src.rpm i386: 4a7766d840a3b84ba568a283a3acf1d3 nfs-utils-lib-1.0.8-7.2.z2.i386.rpm 77bb5a12d96fc450ad8f04fbc1abcdde nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm x86_64: 4a7766d840a3b84ba568a283a3acf1d3 nfs-utils-lib-1.0.8-7.2.z2.i386.rpm 0319d4618fd0cfc2ae148f91cb37eb2e nfs-utils-lib-1.0.8-7.2.z2.x86_64.rpm 77bb5a12d96fc450ad8f04fbc1abcdde nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm 69c11a02a653647939fc32be7c3c2dd2 nfs-utils-lib-debuginfo-1.0.8-7.2.z2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/nfs-utils-lib-1.0.8-7.2.z2.src.rpm 80a7bf1fdfb74b567f0b98882b5de084 nfs-utils-lib-1.0.8-7.2.z2.src.rpm i386: 77bb5a12d96fc450ad8f04fbc1abcdde nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm c890d8f2e7e6b5fa0bb0878936f343ad nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm x86_64: 77bb5a12d96fc450ad8f04fbc1abcdde nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm 69c11a02a653647939fc32be7c3c2dd2 nfs-utils-lib-debuginfo-1.0.8-7.2.z2.x86_64.rpm c890d8f2e7e6b5fa0bb0878936f343ad nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm 33fe924d3a325d426858b6aad70f1fe6 nfs-utils-lib-devel-1.0.8-7.2.z2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/nfs-utils-lib-1.0.8-7.2.z2.src.rpm 80a7bf1fdfb74b567f0b98882b5de084 nfs-utils-lib-1.0.8-7.2.z2.src.rpm i386: 4a7766d840a3b84ba568a283a3acf1d3 nfs-utils-lib-1.0.8-7.2.z2.i386.rpm 77bb5a12d96fc450ad8f04fbc1abcdde nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm c890d8f2e7e6b5fa0bb0878936f343ad nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm ia64: b49bcc58f42fe1a3c1fb01aa86f40749 nfs-utils-lib-1.0.8-7.2.z2.ia64.rpm ac743b06cbf45483ec3c22ccc7e12f86 nfs-utils-lib-debuginfo-1.0.8-7.2.z2.ia64.rpm 981f9c4878a63f59d23c1b56e88a4488 nfs-utils-lib-devel-1.0.8-7.2.z2.ia64.rpm ppc: f9b8f236a9cd1e0af83e75c6328034ef nfs-utils-lib-1.0.8-7.2.z2.ppc.rpm 15f30c10412135fe3c72c3810fbff021 nfs-utils-lib-1.0.8-7.2.z2.ppc64.rpm 9912592260df40ce8844a90103269689 nfs-utils-lib-debuginfo-1.0.8-7.2.z2.ppc.rpm 6a81a1c21d61f183a9a3d32a5a434471 nfs-utils-lib-debuginfo-1.0.8-7.2.z2.ppc64.rpm e9010a2a7b9051ef213535caf3720c82 nfs-utils-lib-devel-1.0.8-7.2.z2.ppc.rpm 6d0ff75429edca9126c9eb3c03a61060 nfs-utils-lib-devel-1.0.8-7.2.z2.ppc64.rpm s390x: 45ec57215f2edd048a6fbf06bcc0fefe nfs-utils-lib-1.0.8-7.2.z2.s390.rpm ba87ae35fc6b3fefd91bf158d0c77d5d nfs-utils-lib-1.0.8-7.2.z2.s390x.rpm 777e9f6e54acf0ef3eae43e53593713e nfs-utils-lib-debuginfo-1.0.8-7.2.z2.s390.rpm 1a9be8a4081877d406845b4f510715a3 nfs-utils-lib-debuginfo-1.0.8-7.2.z2.s390x.rpm f0cc242918a225377f7b05302a82d5a7 nfs-utils-lib-devel-1.0.8-7.2.z2.s390.rpm dea17a87ca13c7859fdac6607cd489d1 nfs-utils-lib-devel-1.0.8-7.2.z2.s390x.rpm x86_64: 4a7766d840a3b84ba568a283a3acf1d3 nfs-utils-lib-1.0.8-7.2.z2.i386.rpm 0319d4618fd0cfc2ae148f91cb37eb2e nfs-utils-lib-1.0.8-7.2.z2.x86_64.rpm 77bb5a12d96fc450ad8f04fbc1abcdde nfs-utils-lib-debuginfo-1.0.8-7.2.z2.i386.rpm 69c11a02a653647939fc32be7c3c2dd2 nfs-utils-lib-debuginfo-1.0.8-7.2.z2.x86_64.rpm c890d8f2e7e6b5fa0bb0878936f343ad nfs-utils-lib-devel-1.0.8-7.2.z2.i386.rpm 33fe924d3a325d426858b6aad70f1fe6 nfs-utils-lib-devel-1.0.8-7.2.z2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4135 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHArCkXlSAg2UNWIIRAiCbAKCk1Oz03SEgSYH+1w//h0J/u6kHdACfV63H 1VbIkdLN8ULLB67sRYKkMQw= =s53k - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: nfs-utils-lib security update Advisory ID: RHSA-2007:0913-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0913.html Issue date: 2007-09-19 Updated on: 2007-09-19 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-3999 - - --------------------------------------------------------------------- 1. Summary: An updated nfs-utils-lib package to correct a security flaw is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The nfs-utils-lib package contains support libraries that are needed by the commands and daemons of the nfs-utils package. Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by nfs-utils-lib. A remote unauthenticated attacker who can access an application linked against nfs-utils-lib could trigger this flaw and cause the application to crash. On Red Hat Enterprise Linux 4 it is not possible to exploit this flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE. (CVE-2007-3999) Users of nfs-utils-lib are advised to upgrade to this updated package, which contains a backported patch that resolves this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 250973 - CVE-2007-3999 krb5 RPC library buffer overflow 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm 6de4df5245856abfb1e27f43ec995ad4 nfs-utils-lib-1.0.6-8.z1.src.rpm i386: ad7d44ae0fecc5fa1f7f69d20f24d0c2 nfs-utils-lib-1.0.6-8.z1.i386.rpm d3c267fa989d0835ef1f05f9d65c78b7 nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm acb8da85e6780111d86eb45182d6926f nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm ia64: 6866d2ae4650b96f925384ecf4b6891c nfs-utils-lib-1.0.6-8.z1.ia64.rpm 1ef19760de6815aa6ed58b455518042a nfs-utils-lib-debuginfo-1.0.6-8.z1.ia64.rpm 65fbf40e86f97368f5679da2140e0360 nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm ppc: 1bd2cf61e4e41a20c11c038bc6895243 nfs-utils-lib-1.0.6-8.z1.ppc.rpm fd48271663e2641f72c175f4900a1ce2 nfs-utils-lib-debuginfo-1.0.6-8.z1.ppc.rpm a030703d3d2731eaf4b6573130e562cf nfs-utils-lib-devel-1.0.6-8.z1.ppc.rpm s390: 1eaaca7f9b503f611203cc2ab946950f nfs-utils-lib-1.0.6-8.z1.s390.rpm fb099cca3862d0cc27018b4b3b2253f2 nfs-utils-lib-debuginfo-1.0.6-8.z1.s390.rpm f77020fcc2aea3bb5cdeedd3977feb97 nfs-utils-lib-devel-1.0.6-8.z1.s390.rpm s390x: a8bab89128f0a7779e929bc6d712a28a nfs-utils-lib-1.0.6-8.z1.s390x.rpm 3ee0e87b350127174a4f97de1c92d030 nfs-utils-lib-debuginfo-1.0.6-8.z1.s390x.rpm dff59782eda7f14c789b55254422d3a5 nfs-utils-lib-devel-1.0.6-8.z1.s390x.rpm x86_64: fb0cbb12869dadcf9872375bd50012db nfs-utils-lib-1.0.6-8.z1.x86_64.rpm b00a1a022f8f714c25c7d5153ec20423 nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm 506a8209ed65baa42d147dc0e6503ff5 nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm 6de4df5245856abfb1e27f43ec995ad4 nfs-utils-lib-1.0.6-8.z1.src.rpm i386: ad7d44ae0fecc5fa1f7f69d20f24d0c2 nfs-utils-lib-1.0.6-8.z1.i386.rpm d3c267fa989d0835ef1f05f9d65c78b7 nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm acb8da85e6780111d86eb45182d6926f nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm x86_64: fb0cbb12869dadcf9872375bd50012db nfs-utils-lib-1.0.6-8.z1.x86_64.rpm b00a1a022f8f714c25c7d5153ec20423 nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm 506a8209ed65baa42d147dc0e6503ff5 nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm 6de4df5245856abfb1e27f43ec995ad4 nfs-utils-lib-1.0.6-8.z1.src.rpm i386: ad7d44ae0fecc5fa1f7f69d20f24d0c2 nfs-utils-lib-1.0.6-8.z1.i386.rpm d3c267fa989d0835ef1f05f9d65c78b7 nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm acb8da85e6780111d86eb45182d6926f nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm ia64: 6866d2ae4650b96f925384ecf4b6891c nfs-utils-lib-1.0.6-8.z1.ia64.rpm 1ef19760de6815aa6ed58b455518042a nfs-utils-lib-debuginfo-1.0.6-8.z1.ia64.rpm 65fbf40e86f97368f5679da2140e0360 nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm x86_64: fb0cbb12869dadcf9872375bd50012db nfs-utils-lib-1.0.6-8.z1.x86_64.rpm b00a1a022f8f714c25c7d5153ec20423 nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm 506a8209ed65baa42d147dc0e6503ff5 nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/nfs-utils-lib-1.0.6-8.z1.src.rpm 6de4df5245856abfb1e27f43ec995ad4 nfs-utils-lib-1.0.6-8.z1.src.rpm i386: ad7d44ae0fecc5fa1f7f69d20f24d0c2 nfs-utils-lib-1.0.6-8.z1.i386.rpm d3c267fa989d0835ef1f05f9d65c78b7 nfs-utils-lib-debuginfo-1.0.6-8.z1.i386.rpm acb8da85e6780111d86eb45182d6926f nfs-utils-lib-devel-1.0.6-8.z1.i386.rpm ia64: 6866d2ae4650b96f925384ecf4b6891c nfs-utils-lib-1.0.6-8.z1.ia64.rpm 1ef19760de6815aa6ed58b455518042a nfs-utils-lib-debuginfo-1.0.6-8.z1.ia64.rpm 65fbf40e86f97368f5679da2140e0360 nfs-utils-lib-devel-1.0.6-8.z1.ia64.rpm x86_64: fb0cbb12869dadcf9872375bd50012db nfs-utils-lib-1.0.6-8.z1.x86_64.rpm b00a1a022f8f714c25c7d5153ec20423 nfs-utils-lib-debuginfo-1.0.6-8.z1.x86_64.rpm 506a8209ed65baa42d147dc0e6503ff5 nfs-utils-lib-devel-1.0.6-8.z1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================