CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
10.1%
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | 2.6.18 | cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:* |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=81ac95c5
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
lists.vmware.com/pipermail/security-announce/2010/000082.html
secunia.com/advisories/37105
secunia.com/advisories/38794
secunia.com/advisories/38834
www.openwall.com/lists/oss-security/2009/09/21/2
www.ubuntu.com/usn/USN-852-1
www.vupen.com/english/advisories/2010/0528
bugzilla.redhat.com/show_bug.cgi?id=524520
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7527
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9757
rhn.redhat.com/errata/RHSA-2009-1548.html