PT-2005-4386 · Linux+1 · Linux Kernel+1
Martin Walter
·
Published
2005-12-31
·
Updated
2024-02-02
·
CVE-2005-3623
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel version 2.6.14.4
Description
The issue concerns a lack of privilege checking in the Linux kernel, specifically in the nfs2acl.c file. This omission allows remote attackers to bypass access controls (ACLs) on files located on exported NFS filesystems that are mounted as readonly. This can lead to unauthorized access to files.
Recommendations
For Linux kernel version 2.6.14.4, consider restricting access to the nfs2acl.c functionality until a patch is available. As a temporary workaround, restrict the setting of access controls on exported NFS filesystems to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Red Hat