CVE-2009-2657

nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2009/07/24/4
https://bugzilla.redhat.com/show_bug.cgi?id=505374
http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=d807e1c968c1f288486fb7d6f817434838fc12f7
http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=5c95a57102e23e6982467cbe23e922450d3f38ed
http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nilf:nilfs:2.0.10:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.7:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.0:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.16:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.11:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.9:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.2:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.0:::::::*
	cpe:2.3:a:nilf:nilfs::::::::
	cpe:2.3:a:nilf:nilfs:1.0.15:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.14:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.7:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.9:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.8:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.6:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.17:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.4:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.3:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.12:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.2:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.18:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.1:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.13:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.12:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.1:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.5:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.10:::::::*
	cpe:2.3:a:nilf:nilfs:1.0.4:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.5:::::::*
	cpe:2.3:a:nilf:nilfs:2.0.6:::::::*

Information

Published : 2009-08-04 09:30

Updated : 2009-08-04 21:00

NVD link : CVE-2009-2657

Mitre link : CVE-2009-2657

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

nilf

nilfs

4.6 /10