[kernel-sec-discuss] r1498 - active
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Sep 21 15:52:10 UTC 2009
Author: gilbert-guest
Date: 2009-09-21 15:52:10 +0000 (Mon, 21 Sep 2009)
New Revision: 1498
Added:
active/CVE-2009-O_EXCL-creates-on-NFSv4
Log:
new issue
Added: active/CVE-2009-O_EXCL-creates-on-NFSv4
===================================================================
--- active/CVE-2009-O_EXCL-creates-on-NFSv4 (rev 0)
+++ active/CVE-2009-O_EXCL-creates-on-NFSv4 2009-09-21 15:52:10 UTC (rev 1498)
@@ -0,0 +1,23 @@
+Candidate: requested on oss-sec
+Description:
+ There is an issue with O_EXCL creates on NFSv4 that with enough
+ attempts, it is possible for a lingering file from a failed create that
+ is world-writable but only setuid execute as the user who is attempting
+ these creates. Fortunately, root is not susceptible to this bug, so a
+ setuid root file should not be possible. It might be possible to exploit
+ this to gain access as another user though.
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/21/2
+ https://bugzilla.redhat.com/show_bug.cgi?id=524520#c0
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc1) [79fb54ab]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:
More information about the kernel-sec-discuss
mailing list