{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MDVSA-2009:135", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"}, {"name": "DSA-1865", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1865"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"}, {"name": "[linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://article.gmane.org/gmane.linux.nfs/26592"}, {"name": "34934", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34934"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37471"}, {"name": "[nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"}, {"name": "[oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"}, {"name": "MDVSA-2009:148", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"}, {"name": "35656", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35656"}, {"name": "oval:org.mitre.oval:def:9990", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"}, {"name": "DSA-1844", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1844"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "ADV-2009-1331", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1331"}, {"name": "RHSA-2009:1157", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"}, {"name": "35106", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35106"}, {"name": "20090724 rPSA-2009-0111-1 kernel", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "36051", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36051"}, {"name": "35298", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35298"}, {"name": "36327", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36327"}, {"name": "oval:org.mitre.oval:def:8543", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"}, {"name": "SUSE-SA:2009:031", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"}, {"name": "USN-793-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-793-1"}, {"name": "[nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"}, {"name": "SUSE-SA:2009:038", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "35394", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35394"}, {"name": "DSA-1809", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1809"}, {"name": "35847", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35847"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1630", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2009:135", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"}, {"name": "DSA-1865", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1865"}, {"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0111", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"}, {"name": "[linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.", "refsource": "MLIST", "url": "http://article.gmane.org/gmane.linux.nfs/26592"}, {"name": "34934", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34934"}, {"name": "37471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37471"}, {"name": "[nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?", "refsource": "MLIST", "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"}, {"name": "[oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"}, {"name": "MDVSA-2009:148", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"}, {"name": "35656", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35656"}, {"name": "oval:org.mitre.oval:def:9990", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"}, {"name": "DSA-1844", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1844"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "ADV-2009-1331", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1331"}, {"name": "RHSA-2009:1157", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=500297", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"}, {"name": "35106", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35106"}, {"name": "20090724 rPSA-2009-0111-1 kernel", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "36051", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36051"}, {"name": "35298", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35298"}, {"name": "36327", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36327"}, {"name": "oval:org.mitre.oval:def:8543", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"}, {"name": "SUSE-SA:2009:031", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"}, {"name": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131", "refsource": "CONFIRM", "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"}, {"name": "USN-793-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-793-1"}, {"name": "[nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?", "refsource": "MLIST", "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"}, {"name": "SUSE-SA:2009:038", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"}, {"name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "35394", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35394"}, {"name": "DSA-1809", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1809"}, {"name": "35847", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35847"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:20:34.608Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2009:135", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"}, {"name": "DSA-1865", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1865"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"}, {"name": "[linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://article.gmane.org/gmane.linux.nfs/26592"}, {"name": "34934", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34934"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37471"}, {"name": "[nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"}, {"name": "[oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"}, {"name": "MDVSA-2009:148", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"}, {"name": "35656", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35656"}, {"name": "oval:org.mitre.oval:def:9990", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"}, {"name": "DSA-1844", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1844"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "ADV-2009-1331", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1331"}, {"name": "RHSA-2009:1157", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"}, {"name": "35106", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35106"}, {"name": "20090724 rPSA-2009-0111-1 kernel", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "36051", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36051"}, {"name": "35298", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35298"}, {"name": "36327", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36327"}, {"name": "oval:org.mitre.oval:def:8543", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"}, {"name": "SUSE-SA:2009:031", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"}, {"name": "USN-793-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-793-1"}, {"name": "[nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"}, {"name": "SUSE-SA:2009:038", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "35394", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35394"}, {"name": "DSA-1809", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1809"}, {"name": "35847", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35847"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1630", "datePublished": "2009-05-14T17:00:00", "dateReserved": "2009-05-14T00:00:00", "dateUpdated": "2024-08-07T05:20:34.608Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8F01798-4A0A-405B-A70E-C858868A49E0", "versionEndIncluding": "2.6.29.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECFD8D25-7FDF-48DF-8728-5875C44FFB53", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver."}, {"lang": "es", "value": "La funci\u00f3n nfs_permission en fs/nfs/dir.c en la implementaci\u00f3n cliente  NFS en Linux kernel v2.6.29.3 y versiones anteriores, cuando atomic_open est\u00e1 activo, no comprueba la ejecuci\u00f3n (tambi\u00e9n conocido como EXEC or MAY_EXEC) de permisos de bits, lo cual permite a usuarios locales evitar permisos y ejecutar ficheros, como lo demostrado por ficheros en un servidor de ficheros NFSv4."}], "id": "CVE-2009-1630", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-14T17:30:00.780", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://article.gmane.org/gmane.linux.nfs/26592"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35106"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35298"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35394"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35656"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35847"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/36051"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/36327"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/37471"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1809"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1844"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1865"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34934"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-793-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1331"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://article.gmane.org/gmane.linux.nfs/26592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35847"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/36051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/36327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/37471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1809"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-793-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/1331"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3.\n\nIt was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html .", "lastModified": "2009-09-10T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1157", "cpe": "cpe:/a:redhat:enterprise_mrg:1::el5", "package": "kernel-rt-0:2.6.24.7-126.el5rt", "product_name": "MRG for RHEL-5", "release_date": "2009-07-14T00:00:00Z"}, {"advisory": "RHSA-2009:1132", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "kernel-0:2.6.9-89.0.3.EL", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2009-06-30T00:00:00Z"}, {"advisory": "RHSA-2009:1106", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-128.1.14.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-06-16T00:00:00Z"}], "bugzilla": {"description": "kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission", "id": "500297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver."], "name": "CVE-2009-1630", "public_date": "2009-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-1630\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1630"], "statement": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3.", "threat_severity": "Moderate"}