CVE-2005-3623

Vulnerability Description

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.htmlBroken LinkPatch
• http://lkml.org/lkml/2005/12/23/171Mailing ListPatch
• http://secunia.com/advisories/18788Broken LinkPatchVendor Advisory
• http://secunia.com/advisories/19038Broken LinkPatchVendor Advisory
• http://secunia.com/advisories/21465Broken LinkVendor Advisory
• http://secunia.com/advisories/22417Broken LinkVendor Advisory
• http://support.avaya.com/elmodocs2/security/ASA-2006-200.htmThird Party Advisory
• http://www.novell.com/linux/security/advisories/2006_06_kernel.htmlBroken LinkVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2006-0575.htmlBroken Link
• http://www.securityfocus.com/bid/16570Broken LinkThird Party AdvisoryVDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
• http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.htmlBroken LinkPatch
• http://lkml.org/lkml/2005/12/23/171Mailing ListPatch
• http://secunia.com/advisories/18788Broken LinkPatchVendor Advisory
• http://secunia.com/advisories/19038Broken LinkPatchVendor Advisory