5

CVE-2005-3623

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.6.14.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.51% 0.877
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
Patch
Broken Link
http://secunia.com/advisories/19038
Patch
Vendor Advisory
Broken Link
http://secunia.com/advisories/21465
Vendor Advisory
Broken Link
http://secunia.com/advisories/22417
Vendor Advisory
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0575.html
Broken Link
http://secunia.com/advisories/18788
Patch
Vendor Advisory
Broken Link
http://www.novell.com/linux/security/advisories/2006_06_kernel.html
Vendor Advisory
Broken Link
http://lkml.org/lkml/2005/12/23/171
Patch
Mailing List
http://www.securityfocus.com/bid/16570
Third Party Advisory
Broken Link
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707
Broken Link