Vulnerability Details: CVE-2005-3623
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
Products affected by CVE-2005-3623
- cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3623
- 0.97%: probability of exploitation activity in the next 30 days
- ~75%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3623
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2005-3623
- Assigned by: nvd@nist.gov (Primary)
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-3623
- http://www.novell.com/linux/security/advisories/2006_06_kernel.html
  404 Page Not Found | SUSE
  Tags: Broken Link; Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
  Support
  Tags: Broken Link
- http://secunia.com/advisories/19038
  About Secunia Research | Flexera
  Tags: Broken Link; Patch; Vendor Advisory
- http://www.securityfocus.com/bid/16570
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://secunia.com/advisories/21465
  About Secunia Research | Flexera
  Tags: Broken Link; Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707
  404 Not Found
  Tags: Broken Link
- http://secunia.com/advisories/22417
  About Secunia Research | Flexera
  Tags: Broken Link; Vendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
  ASA-2006-200 (RHSA-2006-0575)
  Tags: Third Party Advisory
- http://secunia.com/advisories/18788
  About Secunia Research | Flexera
  Tags: Broken Link; Patch; Vendor Advisory
- http://lkml.org/lkml/2005/12/23/171
  LKML: Greg Kroah-Hartman: [patch 19/19] setting ACLs on readonly mounted NFS filesystems (CVE-2005-3623)
  Tags: Mailing List; Patch
- http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
  Tags: Broken Link; Patch