Lucene search

MitreCVE-2009-2657

HistoryAug 04, 2009 - 4:30 p.m.

CVE-2009-2657

2009-08-0416:30:00

CWE-264

mitre

web.nvd.nist.gov

security

vulnerability

nilfs-utils

setuid

privilege escalation

nvd

cve-2009-2657

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.

Affected configurations

Nvd

Node

nilfnilfsRange≤2.0.13

nilfnilfsMatch1.0.0

nilfnilfsMatch1.0.1

nilfnilfsMatch1.0.2

nilfnilfsMatch1.0.3

nilfnilfsMatch1.0.4

nilfnilfsMatch1.0.5

nilfnilfsMatch1.0.6

nilfnilfsMatch1.0.7

nilfnilfsMatch1.0.8

nilfnilfsMatch1.0.9

nilfnilfsMatch1.0.10

nilfnilfsMatch1.0.11

nilfnilfsMatch1.0.12

nilfnilfsMatch1.0.13

nilfnilfsMatch1.0.14

nilfnilfsMatch1.0.15

nilfnilfsMatch1.0.16

nilfnilfsMatch1.0.17

nilfnilfsMatch1.0.18

nilfnilfsMatch2.0.0

nilfnilfsMatch2.0.1

nilfnilfsMatch2.0.2

nilfnilfsMatch2.0.4

nilfnilfsMatch2.0.5

nilfnilfsMatch2.0.6

nilfnilfsMatch2.0.7

nilfnilfsMatch2.0.9

nilfnilfsMatch2.0.10

nilfnilfsMatch2.0.12

VendorProductVersionCPE
nilfnilfs*cpe:2.3:a:nilf:nilfs:*:*:*:*:*:*:*:*
nilfnilfs1.0.0cpe:2.3:a:nilf:nilfs:1.0.0:*:*:*:*:*:*:*
nilfnilfs1.0.1cpe:2.3:a:nilf:nilfs:1.0.1:*:*:*:*:*:*:*
nilfnilfs1.0.2cpe:2.3:a:nilf:nilfs:1.0.2:*:*:*:*:*:*:*
nilfnilfs1.0.3cpe:2.3:a:nilf:nilfs:1.0.3:*:*:*:*:*:*:*
nilfnilfs1.0.4cpe:2.3:a:nilf:nilfs:1.0.4:*:*:*:*:*:*:*
nilfnilfs1.0.5cpe:2.3:a:nilf:nilfs:1.0.5:*:*:*:*:*:*:*
nilfnilfs1.0.6cpe:2.3:a:nilf:nilfs:1.0.6:*:*:*:*:*:*:*
nilfnilfs1.0.7cpe:2.3:a:nilf:nilfs:1.0.7:*:*:*:*:*:*:*
nilfnilfs1.0.8cpe:2.3:a:nilf:nilfs:1.0.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nilf	nilfs	*	cpe:2.3:a:nilf:nilfs::::::::
nilf	nilfs	1.0.0	cpe:2.3:a:nilf:nilfs:1.0.0:::::::*
nilf	nilfs	1.0.1	cpe:2.3:a:nilf:nilfs:1.0.1:::::::*
nilf	nilfs	1.0.2	cpe:2.3:a:nilf:nilfs:1.0.2:::::::*
nilf	nilfs	1.0.3	cpe:2.3:a:nilf:nilfs:1.0.3:::::::*
nilf	nilfs	1.0.4	cpe:2.3:a:nilf:nilfs:1.0.4:::::::*
nilf	nilfs	1.0.5	cpe:2.3:a:nilf:nilfs:1.0.5:::::::*
nilf	nilfs	1.0.6	cpe:2.3:a:nilf:nilfs:1.0.6:::::::*
nilf	nilfs	1.0.7	cpe:2.3:a:nilf:nilfs:1.0.7:::::::*
nilf	nilfs	1.0.8	cpe:2.3:a:nilf:nilfs:1.0.8:::::::*

Rows per page:

1-10 of 301

References

www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed

www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15

www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7

www.openwall.com/lists/oss-security/2009/07/24/4

bugzilla.redhat.com/show_bug.cgi?id=505374

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-2657