1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
PublicDate: 2007-09-18
Candidate: CVE-2007-0004
References:
https://bugzilla.redhat.com/show_bug.cgi?id=199715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0004
Description:
The NFS client implementation in the kernel in Red Hat Enterprise Linux
(RHEL) 3, when a filesystem is mounted with the noacl option, checks
permissions for the open system call via vfs_permission (mode bits) data
rather than an NFS ACCESS call to the server, which allows local client
processes to obtain a false success status from open calls that the server
would deny, and possibly obtain sensitive information about file
permissions on the server, as demonstrated in a root_squash environment.
NOTE: it is uncertain whether any scenarios involving this issue cross
privilege boundaries.
Ubuntu-Description:
Notes:
jdstrand> affects kernel nfs client implementation in RedHat 3.
This is a 2.4 series kernel. RedHat 4 (2.6.9) is not affected.
Ignoring
Bugs:
Priority: low
Assigned-to:
#sid_PKG:
#dapper_PKG:
#edgy_PKG:
#feisty_PKG:
#devel_PKG:
|