Your submission was sent successfully! Close

CVE-2009-1630

Published: 14 May 2009

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.6.24-24.55)
intrepid
Released (2.6.27-14.35)
jaunty
Released (2.6.28-13.45)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-54.77)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Needs triage