[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3286Date: (C)2009-09-22   (M)2024-02-22


NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-37105
SECUNIA-38794
SECUNIA-38834
ADV-2010-0528
RHSA-2009:1548
SUSE-SA:2010:012
USN-852-1
http://www.openwall.com/lists/oss-security/2009/09/21/2
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=81ac95c5
https://bugzilla.redhat.com/show_bug.cgi?id=524520
oval:org.mitre.oval:def:7527
oval:org.mitre.oval:def:9757

CPE    1
cpe:/o:linux:linux_kernel:2.6.18
CWE    1
CWE-264
OVAL    11
oval:org.secpod.oval:def:400071
oval:org.secpod.oval:def:700430
oval:org.secpod.oval:def:600378
oval:org.secpod.oval:def:600455
...

© SecPod Technologies