CVE-2009-1630

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

References

http://article.gmane.org/gmane.linux.nfs/26592

http://bugzilla.linux-nfs.org/show_bug.cgi?id=131

http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html

http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html

http://secunia.com/advisories/35106

http://secunia.com/advisories/35298

http://secunia.com/advisories/35394

http://secunia.com/advisories/35656

http://secunia.com/advisories/35847

http://secunia.com/advisories/36051

http://secunia.com/advisories/36327

http://secunia.com/advisories/37471

http://wiki.rpath.com/Advisories:rPSA-2009-0111

http://www.debian.org/security/2009/dsa-1809

http://www.debian.org/security/2009/dsa-1844

http://www.debian.org/security/2009/dsa-1865

http://www.mandriva.com/security/advisories?name=MDVSA-2009:135

http://www.mandriva.com/security/advisories?name=MDVSA-2009:148

http://www.openwall.com/lists/oss-security/2009/05/13/2

http://www.redhat.com/support/errata/RHSA-2009-1157.html

http://www.securityfocus.com/archive/1/505254/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/34934

http://www.ubuntu.com/usn/usn-793-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/1331

http://www.vupen.com/english/advisories/2009/3316

https://bugzilla.redhat.com/show_bug.cgi?id=500297

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990

Details

Source: MITRE

Published: 2009-05-14

Updated: 2020-08-21

Type: CWE-264

Risk Information

CVSS v2

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
79460OracleVM 2.1 : kernel (OVMSA-2009-0014)NessusOracleVM Local Security Checks
high
67884Oracle Linux 4 : kernel (ELSA-2009-1132)NessusOracle Linux Local Security Checks
high
67874Oracle Linux 5 : kernel (ELSA-2009-1106)NessusOracle Linux Local Security Checks
high
60609Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
60599Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
59138SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6437)NessusSuSE Local Security Checks
high
51607SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1079 / 1087)NessusSuSE Local Security Checks
high
48149Mandriva Linux Security Advisory : kernel (MDVSA-2009:148)NessusMandriva Local Security Checks
high
44730Debian DSA-1865-1 : linux-2.6 - denial of service/privilege escalationNessusDebian Local Security Checks
high
44709Debian DSA-1844-1 : linux-2.6.24 - denial of service/privilege escalationNessusDebian Local Security Checks
high
43757CentOS 5 : kernel (CESA-2009:1106)NessusCentOS Local Security Checks
high
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
medium
42009openSUSE 10 Security Update : kernel (kernel-6440)NessusSuSE Local Security Checks
high
41540SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6439)NessusSuSE Local Security Checks
high
41413SuSE 11 Security Update : Linux kernel (SAT Patch Number 1086)NessusSuSE Local Security Checks
high
41412SuSE 11 Security Update : Linux kernel (SAT Patch Number 1086)NessusSuSE Local Security Checks
high
40360openSUSE Security Update : kernel (kernel-1097)NessusSuSE Local Security Checks
high
40012openSUSE Security Update : kernel (kernel-951)NessusSuSE Local Security Checks
critical
39586Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-793-1)NessusUbuntu Local Security Checks
high
39583RHEL 4 : kernel (RHSA-2009:1132)NessusRed Hat Local Security Checks
high
39444Mandriva Linux Security Advisory : kernel (MDVSA-2009:135)NessusMandriva Local Security Checks
high
39430RHEL 5 : kernel (RHSA-2009:1106)NessusRed Hat Local Security Checks
high
38990Debian DSA-1809-1 : linux-2.6 - denial of service, privilege escalationNessusDebian Local Security Checks
high
801470CentOS RHSA-2009-1106 Security CheckLog Correlation EngineGeneric
high