#VU92842 Security restrictions bypass in Linux kernel - CVE-2009-1630
Vulnerability identifier: #VU92842
Vulnerability risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to read and manipulate data.
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://article.gmane.org/gmane.linux.nfs/26592
https://bugzilla.linux-nfs.org/show_bug.cgi?id=131
https://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
https://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
https://secunia.com/advisories/35106
https://secunia.com/advisories/35298
https://secunia.com/advisories/35394
https://secunia.com/advisories/35656
https://secunia.com/advisories/35847
https://secunia.com/advisories/36051
https://secunia.com/advisories/36327
https://secunia.com/advisories/37471
https://wiki.rpath.com/Advisories:rPSA-2009-0111
https://www.debian.org/security/2009/dsa-1809
https://www.debian.org/security/2009/dsa-1844
https://www.debian.org/security/2009/dsa-1865
https://www.mandriva.com/security/advisories?name=MDVSA-2009:135
https://www.mandriva.com/security/advisories?name=MDVSA-2009:148
https://www.openwall.com/lists/oss-security/2009/05/13/2
https://www.redhat.com/support/errata/RHSA-2009-1157.html
https://www.securityfocus.com/archive/1/505254/100/0/threaded
https://www.securityfocus.com/archive/1/507985/100/0/threaded
https://www.securityfocus.com/bid/34934
https://www.ubuntu.com/usn/usn-793-1
https://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://www.vupen.com/english/advisories/2009/1331
https://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=500297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
