4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
21.4%
The nfs_permission function in fs/nfs/dir.c in the NFS client
implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open
is available, does not check execute (aka EXEC or MAY_EXEC) permission
bits, which allows local users to bypass permissions and execute files, as
demonstrated by files on an NFSv4 fileserver.