5
CVE-2005-3623
- EPSS 3.51%
- Veröffentlicht 31.12.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:17:16
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version2.6.14.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.51% | 0.877 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
http://secunia.com/advisories/19038
http://secunia.com/advisories/21465
http://secunia.com/advisories/22417
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
http://www.redhat.com/support/errata/RHSA-2006-0575.html
http://secunia.com/advisories/18788
http://www.novell.com/linux/security/advisories/2006_06_kernel.html
http://lkml.org/lkml/2005/12/23/171
http://www.securityfocus.com/bid/16570
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707