CVE-2009-1630

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
References
Link Resource
http://article.gmane.org/gmane.linux.nfs/26592 Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=500297 Exploit Issue Tracking Patch Third Party Advisory
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131 Issue Tracking Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/05/13/2 Exploit Mailing List Third Party Advisory
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html Broken Link
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html Broken Link
http://www.securityfocus.com/bid/34934 Third Party Advisory VDB Entry
http://secunia.com/advisories/35106 Broken Link
http://www.vupen.com/english/advisories/2009/1331 Broken Link
http://www.debian.org/security/2009/dsa-1809 Third Party Advisory
http://secunia.com/advisories/35298 Broken Link
http://secunia.com/advisories/35394 Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1157.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html Mailing List Third Party Advisory
http://secunia.com/advisories/36051 Broken Link
http://www.debian.org/security/2009/dsa-1844 Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0111 Broken Link
http://secunia.com/advisories/35847 Broken Link
http://secunia.com/advisories/36327 Broken Link
http://www.debian.org/security/2009/dsa-1865 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Patch Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316 Broken Link
http://secunia.com/advisories/37471 Broken Link
http://secunia.com/advisories/35656 Broken Link
http://www.ubuntu.com/usn/usn-793-1 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543 Third Party Advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/505254/100/0/threaded Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

Information

Published : 2009-05-14 10:30

Updated : 2020-08-21 11:45


NVD link : CVE-2009-1630

Mitre link : CVE-2009-1630


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

canonical

  • ubuntu_linux

linux

  • linux_kernel

debian

  • debian_linux

vmware

  • esx

opensuse

  • opensuse