The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Max CVSS
4.4
EPSS Score
0.05%
Published
2009-05-14
Updated
2020-08-21
1 vulnerabilities found