Lucene search

K
ubuntucveUbuntu.comUB:CVE-2007-6733
HistoryMar 16, 2010 - 12:00 a.m.

CVE-2007-6733

2010-03-1600:00:00
ubuntu.com
ubuntu.com
25
nfs file locking
denial of service
linux kernel 2.6.9
posix locks
nfs filesystem

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

0

Percentile

5.1%

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not
properly remove POSIX locks on files that are setgid without group-execute
permission, which allows local users to cause a denial of service (BUG and
system crash) by locking a file on an NFS filesystem and then changing this
file’s permissions, a related issue to CVE-2010-0727.

Notes

Author Note
kees predates Dapper

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

0

Percentile

5.1%