CVE-2009-1630

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
linuxlinux_kernel
𝑥
≤ 2.6.29.3
opensuseopensuse
11.0
opensuseopensuse
11.1
debiandebian_linux
4.0
debiandebian_linux
5.0
canonicalubuntu_linux
6.06
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
vmwareesx
2.5.5
vmwareesx
3.0.3
vmwareesx
3.5
vmwareesx
4.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
jaunty
Fixed 2.6.28-13.45
released
intrepid
Fixed 2.6.27-14.35
released
hardy
Fixed 2.6.24-24.55
released
dapper
dne
linux-source-2.6.15
jaunty
dne
intrepid
dne
hardy
dne
dapper
Fixed 2.6.15-54.77
released
Common Weakness Enumeration
References
http://article.gmane.org/gmane.linux.nfs/26592
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
http://secunia.com/advisories/35106
http://secunia.com/advisories/35298
http://secunia.com/advisories/35394
http://secunia.com/advisories/35656
http://secunia.com/advisories/35847
http://secunia.com/advisories/36051
http://secunia.com/advisories/36327
http://secunia.com/advisories/37471
http://wiki.rpath.com/Advisories:rPSA-2009-0111
http://www.debian.org/security/2009/dsa-1809
http://www.debian.org/security/2009/dsa-1844
http://www.debian.org/security/2009/dsa-1865
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
http://www.openwall.com/lists/oss-security/2009/05/13/2
http://www.redhat.com/support/errata/RHSA-2009-1157.html
http://www.securityfocus.com/archive/1/505254/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/34934
http://www.ubuntu.com/usn/usn-793-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1331
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=500297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990
http://article.gmane.org/gmane.linux.nfs/26592
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html
http://secunia.com/advisories/35106
http://secunia.com/advisories/35298
http://secunia.com/advisories/35394
http://secunia.com/advisories/35656
http://secunia.com/advisories/35847
http://secunia.com/advisories/36051
http://secunia.com/advisories/36327
http://secunia.com/advisories/37471
http://wiki.rpath.com/Advisories:rPSA-2009-0111
http://www.debian.org/security/2009/dsa-1809
http://www.debian.org/security/2009/dsa-1844
http://www.debian.org/security/2009/dsa-1865
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
http://www.openwall.com/lists/oss-security/2009/05/13/2
http://www.redhat.com/support/errata/RHSA-2009-1157.html
http://www.securityfocus.com/archive/1/505254/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/34934
http://www.ubuntu.com/usn/usn-793-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1331
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=500297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990