CVE-2009-1072
CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlhttp://secunia.com/advisories/34422http://secunia.com/advisories/34432http://secunia.com/advisories/34786http://secunia.com/advisories/35121http://secunia.com/advisories/35185http://secunia.com/advisories/35343http://secunia.com/advisories/35390