Vulnerability Details : CVE-2007-0004

The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

Published 2007-09-18 19:17:00

Updated 2008-09-05 21:16:47

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-0004

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-0004

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2007-0004

CWE-264

Assigned by: [email protected] (Primary)

References for CVE-2007-0004

https://bugzilla.redhat.com/show_bug.cgi?id=199715

Products affected by CVE-2007-0004

Redhat » Enterprise Linux » Version: 3.0
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
Matching versions