#VU46240 Configuration in Nextcloud Server - CVE-2009-1072

Cybersecurity Help s.r.o.

Published: 2009-03-25 | Updated: 2020-09-03

Vulnerability identifier: #VU46240

Vulnerability risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2009-1072

CWE-ID: CWE-16

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nextcloud Server
Client/Desktop applications / Messaging software

Vendor: Nextcloud

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Nextcloud Server: 2.0.0

External links
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911
https://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
https://secunia.com/advisories/34422
https://secunia.com/advisories/34432
https://secunia.com/advisories/34786
https://secunia.com/advisories/35121
https://secunia.com/advisories/35185
https://secunia.com/advisories/35343
https://secunia.com/advisories/35390
https://secunia.com/advisories/35394
https://secunia.com/advisories/35656
https://secunia.com/advisories/37471
https://thread.gmane.org/gmane.linux.kernel/805280
https://www.debian.org/security/2009/dsa-1800
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9
https://www.openwall.com/lists/oss-security/2009/03/23/1
https://www.redhat.com/support/errata/RHSA-2009-1081.html
https://www.securityfocus.com/archive/1/507985/100/0/threaded
https://www.securityfocus.com/bid/34205
https://www.ubuntu.com/usn/usn-793-1
https://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://www.vupen.com/english/advisories/2009/0802
https://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/49356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.