[kernel-sec-discuss] r1498 - active

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Sep 21 15:52:10 UTC 2009


Author: gilbert-guest
Date: 2009-09-21 15:52:10 +0000 (Mon, 21 Sep 2009)
New Revision: 1498

Added:
   active/CVE-2009-O_EXCL-creates-on-NFSv4
Log:
new issue

Added: active/CVE-2009-O_EXCL-creates-on-NFSv4
===================================================================
--- active/CVE-2009-O_EXCL-creates-on-NFSv4	                        (rev 0)
+++ active/CVE-2009-O_EXCL-creates-on-NFSv4	2009-09-21 15:52:10 UTC (rev 1498)
@@ -0,0 +1,23 @@
+Candidate: requested on oss-sec
+Description:
+ There is an issue with O_EXCL creates on NFSv4 that with enough 
+ attempts, it is possible for a lingering file from a failed create that 
+ is world-writable but only setuid execute as the user who is attempting 
+ these creates. Fortunately, root is not susceptible to this bug, so a 
+ setuid root file should not be possible. It might be possible to exploit 
+ this to gain access as another user though.
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/21/2
+ https://bugzilla.redhat.com/show_bug.cgi?id=524520#c0
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc1) [79fb54ab]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security:
+2.6.24-etch-security:
+2.6.26-lenny-security:
+2.6.15-dapper-security:
+2.6.22-gutsy-security:
+2.6.24-hardy-security:
+2.6.27-intrepid-security:




More information about the kernel-sec-discuss mailing list