CVE-2009-1630
CVE-2009-1630
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://article.gmane.org/gmane.linux.nfs/26592http://bugzilla.linux-nfs.org/show_bug.cgi?id=131http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.htmlhttp://linux-nfs.org/pipermail/nfsv4/2006-November/005323.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=500297http://secunia.com/advisories/35106http://secunia.com/advisories/35298http://secunia.com/advisories/35394http://secunia.com/advisories/35656http://secunia.com/advisories/35847