Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-3286
HistorySep 22, 2009 - 10:30 a.m.

CVE-2009-3286

2009-09-2210:30:00
CWE-264
[email protected]
web.nvd.nist.gov
9

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0

Percentile

10.1%

JSON

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.

Affected configurations

Nvd
Node
linuxlinux_kernelMatch2.6.18
VendorProductVersionCPE
linuxlinux_kernel2.6.18cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*

Related

prion 1
ubuntucve 1
veracode 1
cvelist 1
seebug 1
cve 1
openvas 22
oraclelinux 2
redhat 2
nessus 17
centos 1
suse 2
securityvulns 1
osv 3
debian 3
ubuntu 1
vmware 4
prion
prion
Design/Logic Flaw
2009-09-22 10:30:00
ubuntucve
ubuntucve
CVE-2009-3286
2009-09-22 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:39:05
cvelist
cvelist
CVE-2009-3286
2009-09-22 10:00:00
seebug
seebug
Linux Kernel O_EXCL NFSv4本地权限提升漏洞
2009-09-23 00:00:00
cve
cve
CVE-2009-3286
2009-09-22 10:30:00
openvas
openvas
CentOS Security Advisory CESA-2009:1548 (kernel)
2009-11-11 00:00:00
RedHat Security Advisory RHSA-2009:1548
2009-11-11 00:00:00
CentOS Security Advisory CESA-2009:1548 (kernel)
2009-11-11 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2009-11-03 00:00:00
Oracle Enterprise Linux 5.5 kernel security and bug fix update
2010-04-05 00:00:00
redhat
redhat
(RHSA-2009:1548) Important: kernel security and bug fix update
2009-11-03 00:00:00
(RHSA-2009:1692) Important: rhev-hypervisor security and bug fix update
2009-12-23 00:00:00
nessus
nessus
OracleVM 2.2 : kernel (OVMSA-2009-0033)
2014-11-26 00:00:00
Scientific Linux Security Update : kernel on SL5.x i386/x86_64
2013-03-06 00:00:00
SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1581 / 1588 / 1591)
2009-12-03 00:00:00
centos
centos
kernel security update
2009-11-04 19:57:14
suse
suse
remote denial of service in kernel
2009-12-02 17:15:31
local privilege escalation, remote denial of in kernel
2010-02-15 16:54:24
securityvulns
securityvulns
[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-10-23 00:00:00
osv
osv
linux-2.6 - several vulnerabilities
2009-11-05 00:00:00
linux-2.6 - several vulnerabilities
2009-10-22 00:00:00
linux-2.6.24 - several vulnerabilities
2009-11-05 00:00:00
debian
debian
[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-10-23 15:58:04
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities
2009-11-06 00:51:43
[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities
2009-11-05 22:03:48
ubuntu
ubuntu
Linux kernel vulnerabilities
2009-10-22 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0

Percentile

10.1%

JSON
Related for NVD:CVE-2009-3286
prion1ubuntucve1veracode1cvelist1seebug1cve1openvas22oraclelinux2redhat2nessus17centos1suse2securityvulns1osv3debian3ubuntu1vmware4