nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
References
Configurations
History
21 Nov 2024, 00:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html - Broken Link, Patch | |
References | () http://lkml.org/lkml/2005/12/23/171 - Mailing List, Patch | |
References | () http://secunia.com/advisories/18788 - Broken Link, Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/19038 - Broken Link, Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/21465 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/22417 - Broken Link, Vendor Advisory | |
References | () http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm - Third Party Advisory | |
References | () http://www.novell.com/linux/security/advisories/2006_06_kernel.html - Broken Link, Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2006-0575.html - Broken Link | |
References | () http://www.securityfocus.com/bid/16570 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707 - Broken Link |
02 Feb 2024, 02:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 | |
References | (SECUNIA) http://secunia.com/advisories/18788 - Broken Link, Patch, Vendor Advisory | |
References | (MISC) http://lkml.org/lkml/2005/12/23/171 - Mailing List, Patch | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707 - Broken Link | |
References | (SUSE) http://www.novell.com/linux/security/advisories/2006_06_kernel.html - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/19038 - Broken Link, Patch, Vendor Advisory | |
References | (CONFIRM) http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/21465 - Broken Link, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/16570 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/22417 - Broken Link, Vendor Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2006-0575.html - Broken Link | |
References | (SUSE) http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html - Broken Link, Patch |
Information
Published : 2005-12-31 05:00
Updated : 2024-11-21 00:02
NVD link : CVE-2005-3623
Mitre link : CVE-2005-3623
CVE.ORG link : CVE-2005-3623
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-862
Missing Authorization