PT-2009-5599 · Linux+1 · Linux Kernel+1

Anders Wäänänen

Published

2009-09-22

Updated

2017-09-19

CVE-2009-3286

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel version 2.6.18

Description The issue is related to the NFSv4 implementation in the Linux kernel, where it fails to properly clean up an inode when an O EXCL create fails. This can lead to files being created with insecure settings, such as setuid bits, potentially allowing local users to gain privileges. The problem is associated with the execution of the do open permission function, even when a create operation fails.

Recommendations For Linux kernel version 2.6.18, consider restricting access to the NFSv4 functionality until a proper fix is applied, and ensure that all file creations are thoroughly audited to prevent insecure settings.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-3286

DSA-1915-1

DSA-1928-1

DSA-1929-1

RHSA-2009:1548

RHSA-2009_1548

Affected Products

Linux Kernel

Red Hat

PT-2009-5599 · Linux+1 · Linux Kernel+1

CVE-2009-3286

Weakness Enumeration

Related Identifiers

Affected Products

References · 28