Back to search
CVE-2009-3286
Published: Sep 22, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-852-1
vendor-advisory
x_refsource_UBUNTU
38794
third-party-advisory
x_refsource_SECUNIA
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
mailing-list
x_refsource_MLIST
oval:org.mitre.oval:def:9757
vdb-entry
signature
x_refsource_OVAL
SUSE-SA:2010:012
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:7527
vdb-entry
signature
x_refsource_OVAL
RHSA-2009:1548
vendor-advisory
x_refsource_REDHAT
38834
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20090921 CVE request: kernel: issue with O_EXCL creates on NFSv4
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=524520
x_refsource_CONFIRM
37105
third-party-advisory
x_refsource_SECUNIA
ADV-2010-0528
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now