CVE-2009-2657
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
5.1%
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nilf | nilfs | * | cpe:2.3:a:nilf:nilfs:*:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.0 | cpe:2.3:a:nilf:nilfs:1.0.0:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.1 | cpe:2.3:a:nilf:nilfs:1.0.1:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.2 | cpe:2.3:a:nilf:nilfs:1.0.2:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.3 | cpe:2.3:a:nilf:nilfs:1.0.3:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.4 | cpe:2.3:a:nilf:nilfs:1.0.4:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.5 | cpe:2.3:a:nilf:nilfs:1.0.5:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.6 | cpe:2.3:a:nilf:nilfs:1.0.6:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.7 | cpe:2.3:a:nilf:nilfs:1.0.7:*:*:*:*:*:*:* |
| nilf | nilfs | 1.0.8 | cpe:2.3:a:nilf:nilfs:1.0.8:*:*:*:*:*:*:* |
References
www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed
www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15
www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7
www.openwall.com/lists/oss-security/2009/07/24/4
bugzilla.redhat.com/show_bug.cgi?id=505374
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
5.1%