Lucene search

K
cveMitreCVE-2007-6733
HistoryMar 16, 2010 - 7:30 p.m.

CVE-2007-6733

2010-03-1619:30:00
CWE-399
mitre
web.nvd.nist.gov
29
cve-2007-6733
linux kernel
nfs_lock function
denial of service
bug
system crash
nfs filesystem
file permissions

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

AI Score

4.9

Confidence

High

EPSS

0

Percentile

5.1%

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file’s permissions, a related issue to CVE-2010-0727.

Affected configurations

Nvd
Node
linuxlinux_kernelMatch2.6.9
VendorProductVersionCPE
linuxlinux_kernel2.6.9cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

AI Score

4.9

Confidence

High

EPSS

0

Percentile

5.1%