Lucene search

K

[email protected]NVD:CVE-2009-3286

HistorySep 22, 2009 - 10:30 a.m.

CVE-2009-3286

2009-09-2210:30:00

CWE-264

[email protected]

web.nvd.nist.gov

1

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.

Affected configurations

NVD

Node

linuxlinux_kernelMatch2.6.18

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=81ac95c5

lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

secunia.com/advisories/37105

secunia.com/advisories/38794

secunia.com/advisories/38834

www.openwall.com/lists/oss-security/2009/09/21/2

www.ubuntu.com/usn/USN-852-1

www.vupen.com/english/advisories/2010/0528

bugzilla.redhat.com/show_bug.cgi?id=524520

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7527

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9757

rhn.redhat.com/errata/RHSA-2009-1548.html

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

Related for NVD:CVE-2009-3286

ubuntucve1 prion1 cve1 seebug1 cvelist1 veracode1 openvas22 nessus17 centos1 redhat2 oraclelinux2 suse2 osv3 debian3 securityvulns1 ubuntu1 vmware4