Vulnerability Description
nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nilf | Nilfs | <= 2.0.13 |
Related Weaknesses (CWE)
References
- http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e69
- http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c
- http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288
- http://www.openwall.com/lists/oss-security/2009/07/24/4
- https://bugzilla.redhat.com/show_bug.cgi?id=505374
- http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e69
- http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c
- http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288
- http://www.openwall.com/lists/oss-security/2009/07/24/4
- https://bugzilla.redhat.com/show_bug.cgi?id=505374
FAQ
What is CVE-2009-2657?
CVE-2009-2657 is a vulnerability with a CVSS score of 4.6 (MEDIUM). nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkf...
How severe is CVE-2009-2657?
CVE-2009-2657 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2657?
Check the references section above for vendor advisories and patch information. Affected products include: Nilf Nilfs.