Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-1630
HistoryMay 14, 2009 - 12:00 a.m.

CVE-2009-1630

2009-05-1400:00:00
ubuntu.com
ubuntu.com
21

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

21.5%

The nfs_permission function in fs/nfs/dir.c in the NFS client
implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open
is available, does not check execute (aka EXEC or MAY_EXEC) permission
bits, which allows local users to bypass permissions and execute files, as
demonstrated by files on an NFSv4 fileserver.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-24.55UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-14.35UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-13.45UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-54.77UNKNOWN

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

21.5%