CVE-2005-3623
CVSS Score: 5 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Description
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for read-only mounted NFS filesystems.
CVSS Vector Details
- Attack Vector: Network
- Attack Complexity: Low
- Confidentiality: Partial
- Integrity: None
- Availability: None
Affected Software Configurations
- cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*
Weaknesses (CWE)
- CWE-862
References & External Links
- http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
- http://lkml.org/lkml/2005/12/23/171
- http://secunia.com/advisories/18788
- http://secunia.com/advisories/19038
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/22417
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.novell.com/linux/security/advisories/2006_06_kernel.html
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.securityfocus.com/bid/16570
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707
CVE History Timeline
- Feb 13, 2006 15:47: Initial Analysis
- Oct 11, 2017 01:30: CVE Modified
- Feb 02, 2024 02:19: Modified Analysis
- May 14, 2024 01:32: CVE Modified
- Nov 21, 2024 00:02: CVE Modified