CVE-2009-1630

Metadata

CVE-2009-1630
4.4
article.gmane.org, bugzilla.linux-nfs.org, linux-nfs.org, linux-nfs.org, lists.opensuse.org, lists.opensuse.org, wiki.rpath.com, debian.org, debian.org, debian.org, mandriva.com, mandriva.com, openwall.com, redhat.com, securityfocus.com, securityfocus.com, securityfocus.com, ubuntu.com, vmware.com, vupen.com, vupen.com, bugzilla.redhat.com
2009-05-14
2017-09-29 06:09

Description

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

Related Vulnerabilities

platform vulnerability
CVE-2009-1630