Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-1072
HistoryMar 25, 2009 - 12:00 a.m.

CVE-2009-1072

2009-03-2500:00:00
ubuntu.com
ubuntu.com
19

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

EPSS

0.966

Percentile

99.7%

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD
capability before handling a user request in a thread, which allows local
users to create device nodes, as demonstrated on a filesystem that has been
exported with the root_squash option.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-24.55UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-14.35UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-13.45UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-54.77UNKNOWN

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

EPSS

0.966

Percentile

99.7%