CVE-2009-1630

kernel: nfs: fix NFS v4 client handling of MAY_EXEC in nfs_permission

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

La función nfs_permission en fs/nfs/dir.c en la implementación cliente NFS en Linux kernel v2.6.29.3 y versiones anteriores, cuando atomic_open está activo, no comprueba la ejecución (también conocido como EXEC or MAY_EXEC) de permisos de bits, lo cual permite a usuarios locales evitar permisos y ejecutar ficheros, como lo demostrado por ficheros en un servidor de ficheros NFSv4.

Multiple vulnerabilities associated with the Linux 2.6 kernel have been addressed. These issues range from arbitrary code execution to denial of service vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-05-14 CVE Reserved
2009-05-14 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (33)

URL	Tag	Source
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html	Broken Link
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html	Broken Link
http://secunia.com/advisories/35106	Broken Link
http://secunia.com/advisories/35298	Broken Link
http://secunia.com/advisories/35394	Broken Link
http://secunia.com/advisories/35656	Broken Link
http://secunia.com/advisories/35847	Broken Link
http://secunia.com/advisories/36051	Broken Link
http://secunia.com/advisories/36327	Broken Link
http://secunia.com/advisories/37471	Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0111	Broken Link
http://www.securityfocus.com/archive/1/505254/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/507985/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/34934	Third Party Advisory
http://www.vupen.com/english/advisories/2009/1331	Broken Link
http://www.vupen.com/english/advisories/2009/3316	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990	Signature

URL	Date	SRC
http://article.gmane.org/gmane.linux.nfs/26592	2024-08-07
http://www.openwall.com/lists/oss-security/2009/05/13/2	2024-08-07
https://bugzilla.redhat.com/show_bug.cgi?id=500297	2024-08-07

URL	Date	SRC
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131	2020-08-21
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	2020-08-21

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html	2020-08-21
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html	2020-08-21
http://www.debian.org/security/2009/dsa-1809	2020-08-21
http://www.debian.org/security/2009/dsa-1844	2020-08-21
http://www.debian.org/security/2009/dsa-1865	2020-08-21
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135	2020-08-21
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148	2020-08-21
http://www.redhat.com/support/errata/RHSA-2009-1157.html	2020-08-21
http://www.ubuntu.com/usn/usn-793-1	2020-08-21
https://access.redhat.com/security/cve/CVE-2009-1630	2009-07-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 2.6.29.3 Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.29.3"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.0 Search vendor "Opensuse" for product "Opensuse" and version "11.0"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				2.5.5 Search vendor "Vmware" for product "Esx" and version "2.5.5"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				3.0.3 Search vendor "Vmware" for product "Esx" and version "3.0.3"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				3.5 Search vendor "Vmware" for product "Esx" and version "3.5"		-		Affected
Vmware Search vendor "Vmware"		Esx Search vendor "Vmware" for product "Esx"				4.0 Search vendor "Vmware" for product "Esx" and version "4.0"		-		Affected