Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

Published

2009-03-25T01:30:00.610

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-16

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 2.6.28.9	Yes
Operating System	opensuse	opensuse	10.3	Yes
Operating System	opensuse	opensuse	11.0	Yes
Operating System	opensuse	opensuse	11.1	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	debian	debian_linux	5.0	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	canonical	ubuntu_linux	9.04	Yes
Application	vmware	vcenter_server	4.0	Yes
Application	vmware	virtualcenter	2.0.2	Yes
Application	vmware	virtualcenter	2.5	Yes
Operating System	microsoft	windows	-	No
Application	vmware	server	2.0.0	Yes
Operating System	vmware	esx	3.0.3	Yes
Operating System	vmware	esx	3.5	Yes
Operating System	vmware	esx	4.0	Yes
Application	vmware	vma	4.0	Yes
Operating System	redhat	enterprise_linux	5.0	No

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/34422 Broken Link ([email protected])
http://secunia.com/advisories/34432 Broken Link ([email protected])
http://secunia.com/advisories/34786 Broken Link ([email protected])
http://secunia.com/advisories/35121 Broken Link ([email protected])
http://secunia.com/advisories/35185 Broken Link ([email protected])
http://secunia.com/advisories/35343 Broken Link ([email protected])
http://secunia.com/advisories/35390 Broken Link ([email protected])
http://secunia.com/advisories/35394 Broken Link ([email protected])
http://secunia.com/advisories/35656 Broken Link ([email protected])
http://secunia.com/advisories/37471 Broken Link ([email protected])
http://thread.gmane.org/gmane.linux.kernel/805280 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1800 Third Party Advisory ([email protected])
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2009/03/23/1 Mailing List, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-1081.html Broken Link ([email protected])
http://www.securityfocus.com/archive/1/507985/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/34205 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-793-1 Third Party Advisory ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0802 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2009/3316 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/49356 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382 Third Party Advisory ([email protected])
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34422 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34432 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34786 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35121 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35185 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35343 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35390 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35394 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35656 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37471 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://thread.gmane.org/gmane.linux.kernel/805280 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1800 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/03/23/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-1081.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507985/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/34205 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-793-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0802 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3316 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49356 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)