5

CVE-2005-3623

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.6.14.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.97% 0.745
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://secunia.com/advisories/19038
Patch
Vendor Advisory
Broken Link
http://secunia.com/advisories/21465
Vendor Advisory
Broken Link
http://secunia.com/advisories/22417
Vendor Advisory
Broken Link
http://secunia.com/advisories/18788
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/16570
Third Party Advisory
Broken Link
VDB Entry