4.4
CVE-2009-1630
- EPSS 0.49%
- Veröffentlicht 14.05.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 2.6.29.3
Debian ≫ Debian Linux Version4.0
Debian ≫ Debian Linux Version5.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.379 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/37471
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://secunia.com/advisories/35394
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
http://secunia.com/advisories/35656
http://www.ubuntu.com/usn/usn-793-1
http://article.gmane.org/gmane.linux.nfs/26592
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
http://secunia.com/advisories/35106
http://secunia.com/advisories/35298
http://secunia.com/advisories/35847
http://secunia.com/advisories/36051
http://secunia.com/advisories/36327
http://wiki.rpath.com/Advisories:rPSA-2009-0111
http://www.debian.org/security/2009/dsa-1809
http://www.debian.org/security/2009/dsa-1844
http://www.debian.org/security/2009/dsa-1865
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
http://www.openwall.com/lists/oss-security/2009/05/13/2
http://www.redhat.com/support/errata/RHSA-2009-1157.html
http://www.securityfocus.com/archive/1/505254/100/0/threaded
http://www.securityfocus.com/bid/34934
http://www.vupen.com/english/advisories/2009/1331
https://bugzilla.redhat.com/show_bug.cgi?id=500297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990