Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 270333

Summary: Kernel: nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission. (CVE-2009-1630)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ee2cb7f32b299c2b06a31fde155457203e4b7dd
Whiteboard: [linux <2.6.27.25] [linux >=2.6.28 <2.6.29.5]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2009-05-18 17:50:28 UTC 
CVE-2009-1630 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1630):
  The nfs_permission function in fs/nfs/dir.c in the NFS client
  implementation in the Linux kernel 2.6.29.3 and earlier, when
  atomic_open is available, does not check execute (aka EXEC or
  MAY_EXEC) permission bits, which allows local users to bypass
  permissions and execute files, as demonstrated by files on an NFSv4
  fileserver.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-05-18 17:51:02 UTC 
No idea why this is not yet upstream.
Comment 2 Toralf Förster gentoo-dev 2009-05-19 07:57:32 UTC 
http://lkml.org/lkml/2009/5/18/436