National Cyber-Alert System
Vulnerability Summary for CVE-2009-1630
Original release date:05/14/2009
Last revised:08/19/2009
Source:
US-CERT/NIST
Overview
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Impact
CVSS Severity (version 2.0):
Impact Subscore:
6.4
Exploitability Subscore:
3.4
CVSS Version 2 Metrics:
Access Vector: Locally exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
- Official Statement from Red Hat (07/15/2009)
-
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1630
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3.
It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1157.html
Future kernel updates in Red Hat Enterprise Linux 4 and 5 will address this flaw.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.
External Source: MLIST
Name: [nfsv4] 20061117 [Patch] Re: Status of execute permissions in NFSv4 ACLs ?
Type: Patch Information
External Source: CONFIRM
Name: http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
Type: Patch Information
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=500297
External Source: VUPEN
Name: ADV-2009-1331
External Source: BID
Name: 34934
External Source: BUGTRAQ
Name: 20090724 rPSA-2009-0111-1 kernel
External Source: REDHAT
Name: RHSA-2009:1157
External Source: MLIST
Name: [oss-security] 20090513 CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission
External Source: MANDRIVA
Name: MDVSA-2009:148
External Source: MANDRIVA
Name: MDVSA-2009:135
External Source: DEBIAN
Name: DSA-1865
External Source: DEBIAN
Name: DSA-1844
External Source: DEBIAN
Name: DSA-1809
External Source: CONFIRM
Name: http://wiki.rpath.com/Advisories:rPSA-2009-0111
External Source: SECUNIA
Name: 36327
External Source: SECUNIA
Name: 36051
External Source: SECUNIA
Name: 35847
External Source: SECUNIA
Name: 35394
External Source: SECUNIA
Name: 35298
External Source: SECUNIA
Name: 35106
External Source: SUSE
Name: SUSE-SA:2009:038
External Source: SUSE
Name: SUSE-SA:2009:031
External Source: MLIST
Name: [nfsv4] 20061116 Status of execute permissions in NFSv4 ACLs ?
External Source: MLIST
Name: [linux-nfs] 20090509 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.