cve-2009-1630
Vulnerability from cvelistv5
Published
2009-05-14 17:00
Modified
2024-08-07 05:20
Severity ?
Summary
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
References
cve@mitre.orghttp://article.gmane.org/gmane.linux.nfs/26592Exploit
cve@mitre.orghttp://bugzilla.linux-nfs.org/show_bug.cgi?id=131Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttp://linux-nfs.org/pipermail/nfsv4/2006-November/005313.htmlBroken Link
cve@mitre.orghttp://linux-nfs.org/pipermail/nfsv4/2006-November/005323.htmlBroken Link
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/35106Broken Link
cve@mitre.orghttp://secunia.com/advisories/35298Broken Link
cve@mitre.orghttp://secunia.com/advisories/35394Broken Link
cve@mitre.orghttp://secunia.com/advisories/35656Broken Link
cve@mitre.orghttp://secunia.com/advisories/35847Broken Link
cve@mitre.orghttp://secunia.com/advisories/36051Broken Link
cve@mitre.orghttp://secunia.com/advisories/36327Broken Link
cve@mitre.orghttp://secunia.com/advisories/37471Broken Link
cve@mitre.orghttp://wiki.rpath.com/Advisories:rPSA-2009-0111Broken Link
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1809Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1844Third Party Advisory
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1865Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:135Broken Link
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2009:148Broken Link
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2009/05/13/2Exploit, Mailing List, Third Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2009-1157.htmlBroken Link
cve@mitre.orghttp://www.securityfocus.com/archive/1/505254/100/0/threadedThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/archive/1/507985/100/0/threadedThird Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/bid/34934Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/usn-793-1Third Party Advisory
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2009-0016.htmlPatch, Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1331Broken Link
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3316Broken Link
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=500297Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543Third Party Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990Third Party Advisory
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:20:34.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2009:135",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
          },
          {
            "name": "DSA-1865",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1865"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"
          },
          {
            "name": "[linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.linux.nfs/26592"
          },
          {
            "name": "34934",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34934"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "[nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"
          },
          {
            "name": "[oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"
          },
          {
            "name": "MDVSA-2009:148",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"
          },
          {
            "name": "35656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35656"
          },
          {
            "name": "oval:org.mitre.oval:def:9990",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"
          },
          {
            "name": "DSA-1844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1844"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "ADV-2009-1331",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1331"
          },
          {
            "name": "RHSA-2009:1157",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"
          },
          {
            "name": "35106",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35106"
          },
          {
            "name": "20090724 rPSA-2009-0111-1 kernel",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "36051",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36051"
          },
          {
            "name": "35298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35298"
          },
          {
            "name": "36327",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36327"
          },
          {
            "name": "oval:org.mitre.oval:def:8543",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"
          },
          {
            "name": "SUSE-SA:2009:031",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"
          },
          {
            "name": "USN-793-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-793-1"
          },
          {
            "name": "[nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"
          },
          {
            "name": "SUSE-SA:2009:038",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "35394",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35394"
          },
          {
            "name": "DSA-1809",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1809"
          },
          {
            "name": "35847",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35847"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDVSA-2009:135",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
        },
        {
          "name": "DSA-1865",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1865"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"
        },
        {
          "name": "[linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://article.gmane.org/gmane.linux.nfs/26592"
        },
        {
          "name": "34934",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34934"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "name": "[nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"
        },
        {
          "name": "[oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"
        },
        {
          "name": "MDVSA-2009:148",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"
        },
        {
          "name": "35656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35656"
        },
        {
          "name": "oval:org.mitre.oval:def:9990",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"
        },
        {
          "name": "DSA-1844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1844"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "ADV-2009-1331",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1331"
        },
        {
          "name": "RHSA-2009:1157",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"
        },
        {
          "name": "35106",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35106"
        },
        {
          "name": "20090724 rPSA-2009-0111-1 kernel",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "36051",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36051"
        },
        {
          "name": "35298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35298"
        },
        {
          "name": "36327",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36327"
        },
        {
          "name": "oval:org.mitre.oval:def:8543",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"
        },
        {
          "name": "SUSE-SA:2009:031",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"
        },
        {
          "name": "USN-793-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-793-1"
        },
        {
          "name": "[nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"
        },
        {
          "name": "SUSE-SA:2009:038",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "name": "35394",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35394"
        },
        {
          "name": "DSA-1809",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1809"
        },
        {
          "name": "35847",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35847"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2009:135",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
            },
            {
              "name": "DSA-1865",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1865"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0111",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0111"
            },
            {
              "name": "[linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.",
              "refsource": "MLIST",
              "url": "http://article.gmane.org/gmane.linux.nfs/26592"
            },
            {
              "name": "34934",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34934"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "[nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?",
              "refsource": "MLIST",
              "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html"
            },
            {
              "name": "[oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/05/13/2"
            },
            {
              "name": "MDVSA-2009:148",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:148"
            },
            {
              "name": "35656",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35656"
            },
            {
              "name": "oval:org.mitre.oval:def:9990",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990"
            },
            {
              "name": "DSA-1844",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1844"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "ADV-2009-1331",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1331"
            },
            {
              "name": "RHSA-2009:1157",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1157.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=500297",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=500297"
            },
            {
              "name": "35106",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35106"
            },
            {
              "name": "20090724 rPSA-2009-0111-1 kernel",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/505254/100/0/threaded"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "36051",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36051"
            },
            {
              "name": "35298",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35298"
            },
            {
              "name": "36327",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36327"
            },
            {
              "name": "oval:org.mitre.oval:def:8543",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543"
            },
            {
              "name": "SUSE-SA:2009:031",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
            },
            {
              "name": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131",
              "refsource": "CONFIRM",
              "url": "http://bugzilla.linux-nfs.org/show_bug.cgi?id=131"
            },
            {
              "name": "USN-793-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-793-1"
            },
            {
              "name": "[nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?",
              "refsource": "MLIST",
              "url": "http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html"
            },
            {
              "name": "SUSE-SA:2009:038",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "35394",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35394"
            },
            {
              "name": "DSA-1809",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1809"
            },
            {
              "name": "35847",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35847"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1630",
    "datePublished": "2009-05-14T17:00:00",
    "dateReserved": "2009-05-14T00:00:00",
    "dateUpdated": "2024-08-07T05:20:34.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1630\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-05-14T17:30:00.780\",\"lastModified\":\"2020-08-21T18:45:27.517\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n nfs_permission en fs/nfs/dir.c en la implementaci\u00f3n cliente  NFS en Linux kernel v2.6.29.3 y versiones anteriores, cuando atomic_open est\u00e1 activo, no comprueba la ejecuci\u00f3n (tambi\u00e9n conocido como EXEC or MAY_EXEC) de permisos de bits, lo cual permite a usuarios locales evitar permisos y ejecutar ficheros, como lo demostrado por ficheros en un servidor de ficheros NFSv4.\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3.\\n\\nIt was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html .\",\"lastModified\":\"2009-09-10T00:00:00\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.4},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.29.3\",\"matchCriteriaId\":\"F8F01798-4A0A-405B-A70E-C858868A49E0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B42AB65-443B-4655-BAEA-4EB4A43D9509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0507E91-567A-41D6-A7E5-5088A39F75FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4747CC68-FAF4-482F-929A-9DA6C24CB663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D026D0-EF78-438D-BEDD-FC8571F3ACEB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECFD8D25-7FDF-48DF-8728-5875C44FFB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"902BA958-06AA-4EDF-9F9E-1030083EA361\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFF29100-E124-4416-95CF-18B4246D43F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC337BB7-9A45-4406-A783-851F279130EE\"}]}]}],\"references\":[{\"url\":\"http://article.gmane.org/gmane.linux.nfs/26592\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://bugzilla.linux-nfs.org/show_bug.cgi?id=131\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35106\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/35298\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/35394\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/35656\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/35847\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/36051\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/36327\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/37471\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2009-0111\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1809\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1844\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1865\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:135\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:148\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/05/13/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1157.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/505254/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/34934\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/usn-793-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1331\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=500297\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.