CVE-2009-1630
UnknownEPSS 0.48%
Last modified
CVE-2009-1630 is a vulnerability of currently unknown severity. The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 2.6.29.3 |
| Opensuse | Opensuse | 11.0 |
| Opensuse | Opensuse | 11.1 |
| Debian | Debian Linux | 4.0 |
| Debian | Debian Linux | 5.0 |
| Canonical | Ubuntu Linux | 6.06 |
| Canonical | Ubuntu Linux | 8.04 |
| Canonical | Ubuntu Linux | 8.10 |
| Canonical | Ubuntu Linux | 9.04 |
| Vmware | Esx | 2.5.5 |
| Vmware | Esx | 3.0.3 |
| Vmware | Esx | 3.5 |
| Vmware | Esx | 4.0 |
References
- http://bugzilla.linux-nfs.org/show_bug.cgi?id=131Issue Tracking, Patch, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/35106Broken Link
- http://secunia.com/advisories/35298Broken Link
- http://secunia.com/advisories/35394Broken Link
- http://secunia.com/advisories/35656Broken Link
- http://secunia.com/advisories/35847Broken Link
- http://secunia.com/advisories/36051Broken Link
- http://secunia.com/advisories/36327Broken Link
- http://secunia.com/advisories/37471Broken Link
- http://www.debian.org/security/2009/dsa-1809Third Party Advisory
- http://www.debian.org/security/2009/dsa-1844Third Party Advisory
- http://www.debian.org/security/2009/dsa-1865Third Party Advisory
- http://www.openwall.com/lists/oss-security/2009/05/13/2Exploit, Mailing List, Third Party Advisory
- http://www.securityfocus.com/archive/1/505254/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/507985/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/34934Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-793-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlPatch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=500297Exploit, Issue Tracking, Patch, Third Party Advisory
- http://bugzilla.linux-nfs.org/show_bug.cgi?id=131Issue Tracking, Patch, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.htmlMailing List, Third Party Advisory
- http://secunia.com/advisories/35106Broken Link
- http://secunia.com/advisories/35298Broken Link
- http://secunia.com/advisories/35394Broken Link
- http://secunia.com/advisories/35656Broken Link
- http://secunia.com/advisories/35847Broken Link
- http://secunia.com/advisories/36051Broken Link
- http://secunia.com/advisories/36327Broken Link
- http://secunia.com/advisories/37471Broken Link
- http://www.debian.org/security/2009/dsa-1809Third Party Advisory
- http://www.debian.org/security/2009/dsa-1844Third Party Advisory
- http://www.debian.org/security/2009/dsa-1865Third Party Advisory
- http://www.openwall.com/lists/oss-security/2009/05/13/2Exploit, Mailing List, Third Party Advisory
- http://www.securityfocus.com/archive/1/505254/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/507985/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/34934Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/usn-793-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlPatch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=500297Exploit, Issue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-1630?
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
How severe is CVE-2009-1630?
Severity scoring for CVE-2009-1630 is pending analysis. The EPSS model estimates a 0.48% probability of exploitation in the next 30 days.
How do I fix CVE-2009-1630?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2009-1630?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST