CVE-2009-1630

2009-05-1417:30:00

CWE-264

[email protected]

web.nvd.nist.gov

nfs

client

linux kernel

bypass

execute permissions

fileserver

nvd

cve-2009-1630

4 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

20.1%

JSON

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.29.3
opensuse:opensuseopensuseeq11.1
opensuse:opensuseopensuseeq11.0
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
vmware:esxvmware esxeq3.5

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.29.3
opensuse:opensuse	opensuse	eq	11.1
opensuse:opensuse	opensuse	eq	11.0
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
vmware:esx	vmware esx	eq	3.5