CVE-2009-2657

nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
nilfnilfs
𝑥
≤ 2.0.13
nilfnilfs
1.0.0
nilfnilfs
1.0.1
nilfnilfs
1.0.2
nilfnilfs
1.0.3
nilfnilfs
1.0.4
nilfnilfs
1.0.5
nilfnilfs
1.0.6
nilfnilfs
1.0.7
nilfnilfs
1.0.8
nilfnilfs
1.0.9
nilfnilfs
1.0.10
nilfnilfs
1.0.11
nilfnilfs
1.0.12
nilfnilfs
1.0.13
nilfnilfs
1.0.14
nilfnilfs
1.0.15
nilfnilfs
1.0.16
nilfnilfs
1.0.17
nilfnilfs
1.0.18
nilfnilfs
2.0.0
nilfnilfs
2.0.1
nilfnilfs
2.0.2
nilfnilfs
2.0.4
nilfnilfs
2.0.5
nilfnilfs
2.0.6
nilfnilfs
2.0.7
nilfnilfs
2.0.9
nilfnilfs
2.0.10
nilfnilfs
2.0.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nilfs2-tools
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7
http://www.openwall.com/lists/oss-security/2009/07/24/4
https://bugzilla.redhat.com/show_bug.cgi?id=505374
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7
http://www.openwall.com/lists/oss-security/2009/07/24/4
https://bugzilla.redhat.com/show_bug.cgi?id=505374