[kernel-sec-discuss] r1080 - active
dannf at alioth.debian.org
dannf at alioth.debian.org
Sat Jan 5 23:54:01 UTC 2008
Author: dannf
Date: 2008-01-05 23:54:01 +0000 (Sat, 05 Jan 2008)
New Revision: 1080
Modified:
active/CVE-2007-0004
Log:
flesh out; add debian status
Modified: active/CVE-2007-0004
===================================================================
--- active/CVE-2007-0004 2007-12-29 15:19:04 UTC (rev 1079)
+++ active/CVE-2007-0004 2008-01-05 23:54:01 UTC (rev 1080)
@@ -1,13 +1,24 @@
Candidate: CVE-2007-0004
Description:
+ The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL)
+ 3, when a filesystem is mounted with the noacl option, checks permissions for
+ the open system call via vfs_permission (mode bits) data rather than an NFS
+ ACCESS call to the server, which allows local client processes to obtain a
+ false success status from open calls that the server would deny, and possibly
+ obtain sensitive information about file permissions on the server, as
+ demonstrated in a root_squash environment. NOTE: it is uncertain whether any
+ scenarios involving this issue cross privilege boundaries.
References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=199715
Ubuntu-Description:
Notes:
+ dannf> Don't know that this bug every affected upstream, but looks like we
+ dannf> may have introduced it into 2.4.27 w/ 084_ea_acl-2.diff
Bugs:
-upstream:
-linux-2.6:
-2.6.18-etch-security:
-2.6.8-sarge-security:
+upstream: N/A
+linux-2.6: N/A
+2.6.18-etch-security: N/A
+2.6.8-sarge-security: N/A
2.4.27-sarge-security:
2.6.15-dapper-security:
2.6.17-edgy-security:
More information about the kernel-sec-discuss
mailing list