Vulnerability Details : CVE-2009-1630
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Exploit prediction scoring system (EPSS) score for CVE-2009-1630
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-1630
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
[email protected] |
CWE ids for CVE-2009-1630
-
Assigned by: [email protected] (Primary)
Vendor statements for CVE-2009-1630
-
Red Hat 2009-09-10This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html .
-
http://www.securityfocus.com/archive/1/505254/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/usn-793-1
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
Mailing List;Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1865
Third Party Advisory
-
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
Issue Tracking;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=500297
Exploit;Issue Tracking;Patch;Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2009-1157.html
Broken Link
-
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Patch;Third Party Advisory
-
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
Broken Link
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990
Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/3316
Broken Link
-
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
Mailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/34934
Third Party Advisory;VDB Entry
-
http://www.debian.org/security/2009/dsa-1809
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1844
Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2009/05/13/2
Exploit;Mailing List;Third Party Advisory
-
http://article.gmane.org/gmane.linux.nfs/26592
Exploit
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
Broken Link
-
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory;VDB Entry
-
http://wiki.rpath.com/Advisories:rPSA-2009-0111
Broken Link
-
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
Broken Link
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
Broken Link
-
http://www.vupen.com/english/advisories/2009/1331
Broken Link
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*