4.4

CVE-2009-1630

Exploit

EPSS 0.11%
Published 14.05.2009 17:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

Affected products Warnungen 0 Metrics 2 CWE 0 References 35

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 2.6.29.3

Opensuse ≫ Opensuse Version11.0

Opensuse ≫ Opensuse Version11.1

Debian ≫ Debian Linux Version4.0

Debian ≫ Debian Linux Version5.0

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

VMware ≫ Esx Version2.5.5

VMware ≫ Esx Version3.0.3

VMware ≫ Esx Version3.5

VMware ≫ Esx Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.262

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/37471

Broken Link

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Patch

Third Party Advisory

http://www.vupen.com/english/advisories/2009/3316

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/35394

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2009:135

Broken Link

http://secunia.com/advisories/35656

Broken Link

http://www.ubuntu.com/usn/usn-793-1

Third Party Advisory

http://article.gmane.org/gmane.linux.nfs/26592

Exploit

http://bugzilla.linux-nfs.org/show_bug.cgi?id=131

Patch

Third Party Advisory

Issue Tracking

http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html

Broken Link

http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/35106

Broken Link

http://secunia.com/advisories/35298

Broken Link

http://secunia.com/advisories/35847

Broken Link

http://secunia.com/advisories/36051

Broken Link

http://secunia.com/advisories/36327

Broken Link

http://wiki.rpath.com/Advisories:rPSA-2009-0111

Broken Link

http://www.debian.org/security/2009/dsa-1809

Third Party Advisory

http://www.debian.org/security/2009/dsa-1844

Third Party Advisory

http://www.debian.org/security/2009/dsa-1865

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:148

Broken Link

http://www.openwall.com/lists/oss-security/2009/05/13/2

Third Party Advisory

Exploit

Mailing List

http://www.redhat.com/support/errata/RHSA-2009-1157.html

Broken Link

http://www.securityfocus.com/archive/1/505254/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/34934

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2009/1331

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=500297

Patch

Third Party Advisory

Exploit

Issue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-1630

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1630

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1630

EUVD