4.9

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.28.9
OpensuseOpensuse Version10.3
OpensuseOpensuse Version11.0
OpensuseOpensuse Version11.1
SuseLinux Enterprise Desktop Version10 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp2
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
VMwarevCenter Server Version4.0 Update-
   MicrosoftWindows Version-
VMwareVirtualcenter Version2.0.2
   MicrosoftWindows Version-
VMwareVirtualcenter Version2.5
   MicrosoftWindows Version-
VMwareServer Version2.0.0
VMwareEsx Version3.0.3
VMwareEsx Version3.5
VMwareEsx Version4.0
VMwareVma Version4.0
   RedhatEnterprise Linux Version5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.339
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:C/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37471
Broken Link
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/35390
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/35394
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/34786
Broken Link
http://secunia.com/advisories/35121
Broken Link
http://www.debian.org/security/2009/dsa-1800
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/35185
Broken Link
http://secunia.com/advisories/34422
Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9
Broken Link
http://www.vupen.com/english/advisories/2009/0802
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911
http://secunia.com/advisories/34432
Broken Link
http://secunia.com/advisories/35343
Broken Link
http://secunia.com/advisories/35656
Broken Link
http://thread.gmane.org/gmane.linux.kernel/805280
Broken Link
http://www.openwall.com/lists/oss-security/2009/03/23/1
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1081.html
Broken Link
http://www.securityfocus.com/bid/34205
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-793-1
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49356
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382
Third Party Advisory