CVE-2009-2657

EUVD-2009-2651
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
nilfnilfs
𝑥
≤ 2.0.13
nilfnilfs
1.0.0
nilfnilfs
1.0.1
nilfnilfs
1.0.2
nilfnilfs
1.0.3
nilfnilfs
1.0.4
nilfnilfs
1.0.5
nilfnilfs
1.0.6
nilfnilfs
1.0.7
nilfnilfs
1.0.8
nilfnilfs
1.0.9
nilfnilfs
1.0.10
nilfnilfs
1.0.11
nilfnilfs
1.0.12
nilfnilfs
1.0.13
nilfnilfs
1.0.14
nilfnilfs
1.0.15
nilfnilfs
1.0.16
nilfnilfs
1.0.17
nilfnilfs
1.0.18
nilfnilfs
2.0.0
nilfnilfs
2.0.1
nilfnilfs
2.0.2
nilfnilfs
2.0.4
nilfnilfs
2.0.5
nilfnilfs
2.0.6
nilfnilfs
2.0.7
nilfnilfs
2.0.9
nilfnilfs
2.0.10
nilfnilfs
2.0.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nilfs2-tools
dapper
dne
hardy
dne
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
dne
maverick
dne
natty
dne
Common Weakness Enumeration
References
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7
http://www.openwall.com/lists/oss-security/2009/07/24/4
https://bugzilla.redhat.com/show_bug.cgi?id=505374
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15
http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7
http://www.openwall.com/lists/oss-security/2009/07/24/4
https://bugzilla.redhat.com/show_bug.cgi?id=505374