4.4

CVE-2009-1630

Exploit
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 2.6.29.3
OpensuseOpensuse Version11.0
OpensuseOpensuse Version11.1
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
VMwareEsx Version2.5.5
VMwareEsx Version3.0.3
VMwareEsx Version3.5
VMwareEsx Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.379
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/37471
Broken Link
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Patch
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/35394
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
Broken Link
http://secunia.com/advisories/35656
Broken Link
http://www.ubuntu.com/usn/usn-793-1
Third Party Advisory
http://article.gmane.org/gmane.linux.nfs/26592
Exploit
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
Patch
Third Party Advisory
Issue Tracking
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
Broken Link
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/35106
Broken Link
http://secunia.com/advisories/35298
Broken Link
http://secunia.com/advisories/35847
Broken Link
http://secunia.com/advisories/36051
Broken Link
http://secunia.com/advisories/36327
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0111
Broken Link
http://www.debian.org/security/2009/dsa-1809
Third Party Advisory
http://www.debian.org/security/2009/dsa-1844
Third Party Advisory
http://www.debian.org/security/2009/dsa-1865
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
Broken Link
http://www.openwall.com/lists/oss-security/2009/05/13/2
Third Party Advisory
Exploit
Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1157.html
Broken Link
http://www.securityfocus.com/archive/1/505254/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/34934
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/1331
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=500297
Patch
Third Party Advisory
Exploit
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990
Third Party Advisory