CVE-2009-1630Kernel vulnerability

CWE-2646 documents6 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 70.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelCanonical Ubuntu LinuxDebian Linux+2 more
Timeline
PublishedMay 14
Latest updateMay 2

Description

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

NVDlinux/linux_kernel2.6.29.3
NVDvmware/esx4 versions+3
NVDopensuse/opensuse11.0, 11.1+1

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 6.06, 8.04, 8.10, 9.04

Patches

Patch: bugzilla.linux-nfs.orgPatch: www.vmware.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-v8g3-vj55-5p7v: The nfs_permission function in fs/nfs/dir2022-05-02
CVEList
CVE-2009-1630: The nfs_permission function in fs/nfs/dir2009-05-14

📋Vendor Advisories

2
Ubuntu
Linux kernel vulnerabilities2009-07-02
Red Hat
kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission2009-05-09

💬Community

1
Bugzilla
CVE-2009-1630 kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission2009-05-12
CVE-2009-1630 — Linux Kernel vulnerability | cvebase