CVE-2009-1630

MEDIUM

Description

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

References

http://article.gmane.org/gmane.linux.nfs/26592

http://bugzilla.linux-nfs.org/show_bug.cgi?id=131

http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html

http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html

http://secunia.com/advisories/35106

http://secunia.com/advisories/35298

http://secunia.com/advisories/35394

http://secunia.com/advisories/35656

http://secunia.com/advisories/35847

http://secunia.com/advisories/36051

http://secunia.com/advisories/36327

http://secunia.com/advisories/37471

http://wiki.rpath.com/Advisories:rPSA-2009-0111

http://www.debian.org/security/2009/dsa-1809

http://www.debian.org/security/2009/dsa-1844

http://www.debian.org/security/2009/dsa-1865

http://www.mandriva.com/security/advisories?name=MDVSA-2009:135

http://www.mandriva.com/security/advisories?name=MDVSA-2009:148

http://www.openwall.com/lists/oss-security/2009/05/13/2

http://www.redhat.com/support/errata/RHSA-2009-1157.html

http://www.securityfocus.com/archive/1/505254/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/34934

http://www.ubuntu.com/usn/usn-793-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/1331

http://www.vupen.com/english/advisories/2009/3316

https://bugzilla.redhat.com/show_bug.cgi?id=500297

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990

Details

Source: MITRE

Published: 2009-05-14

Updated: 2020-08-21

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
89117	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)	Nessus	Misc.	critical
79460	OracleVM 2.1 : kernel (OVMSA-2009-0014)	Nessus	OracleVM Local Security Checks	high
67884	Oracle Linux 4 : kernel (ELSA-2009-1132)	Nessus	Oracle Linux Local Security Checks	high
67874	Oracle Linux 5 : kernel (ELSA-2009-1106)	Nessus	Oracle Linux Local Security Checks	high
60609	Scientific Linux Security Update : kernel on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60599	Scientific Linux Security Update : kernel on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
59138	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6437)	Nessus	SuSE Local Security Checks	high
51607	SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1079 / 1087)	Nessus	SuSE Local Security Checks	high
48149	Mandriva Linux Security Advisory : kernel (MDVSA-2009:148)	Nessus	Mandriva Local Security Checks	high
44730	Debian DSA-1865-1 : linux-2.6 - denial of service/privilege escalation	Nessus	Debian Local Security Checks	high
44709	Debian DSA-1844-1 : linux-2.6.24 - denial of service/privilege escalation	Nessus	Debian Local Security Checks	high
43757	CentOS 5 : kernel (CESA-2009:1106)	Nessus	CentOS Local Security Checks	high
42870	VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.	Nessus	VMware ESX Local Security Checks	critical
42009	openSUSE 10 Security Update : kernel (kernel-6440)	Nessus	SuSE Local Security Checks	high
41540	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6439)	Nessus	SuSE Local Security Checks	high
41413	SuSE 11 Security Update : Linux kernel (SAT Patch Number 1086)	Nessus	SuSE Local Security Checks	high
41412	SuSE 11 Security Update : Linux kernel (SAT Patch Number 1086)	Nessus	SuSE Local Security Checks	high
40360	openSUSE Security Update : kernel (kernel-1097)	Nessus	SuSE Local Security Checks	high
40012	openSUSE Security Update : kernel (kernel-951)	Nessus	SuSE Local Security Checks	critical
39586	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-793-1)	Nessus	Ubuntu Local Security Checks	high
39583	RHEL 4 : kernel (RHSA-2009:1132)	Nessus	Red Hat Local Security Checks	high
39444	Mandriva Linux Security Advisory : kernel (MDVSA-2009:135)	Nessus	Mandriva Local Security Checks	high
39430	RHEL 5 : kernel (RHSA-2009:1106)	Nessus	Red Hat Local Security Checks	high
38990	Debian DSA-1809-1 : linux-2.6 - denial of service, privilege escalation	Nessus	Debian Local Security Checks	high
801470	CentOS RHSA-2009-1106 Security Check	Log Correlation Engine	Generic	high

CVE-2009-1630

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Tenable Plugins

critical

high

high

high

high

high

high

high

high

high

high

high

critical

high

high

high

high

high

critical

high

high

high

high

high

high