Security restrictions bypass in Linux kernel



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2009-1630
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security restrictions bypass

EUVDB-ID: #VU92842

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2009-1630

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

Mitigation

Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

CPE2.3 External links

https://article.gmane.org/gmane.linux.nfs/26592
https://bugzilla.linux-nfs.org/show_bug.cgi?id=131
https://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
https://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
https://secunia.com/advisories/35106
https://secunia.com/advisories/35298
https://secunia.com/advisories/35394
https://secunia.com/advisories/35656
https://secunia.com/advisories/35847
https://secunia.com/advisories/36051
https://secunia.com/advisories/36327
https://secunia.com/advisories/37471
https://wiki.rpath.com/Advisories:rPSA-2009-0111
https://www.debian.org/security/2009/dsa-1809
https://www.debian.org/security/2009/dsa-1844
https://www.debian.org/security/2009/dsa-1865
https://www.mandriva.com/security/advisories?name=MDVSA-2009:135
https://www.mandriva.com/security/advisories?name=MDVSA-2009:148
https://www.openwall.com/lists/oss-security/2009/05/13/2
https://www.redhat.com/support/errata/RHSA-2009-1157.html
https://www.securityfocus.com/archive/1/505254/100/0/threaded
https://www.securityfocus.com/archive/1/507985/100/0/threaded
https://www.securityfocus.com/bid/34934
https://www.ubuntu.com/usn/usn-793-1
https://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://www.vupen.com/english/advisories/2009/1331
https://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=500297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###