CVE-2005-3623
Linux Kernel 2.6.14.4 - Missing Authorization for NFS ACL Modification
Title source: llmDescription
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
References (11)
Core 11
Core References
Broken Link, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18788
Broken Link, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19038
Broken Link, Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_06_kernel.html
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0575.html
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707
Mailing List, Patch x_refsource_misc
http://lkml.org/lkml/2005/12/23/171
Broken Link, Patch vendor-advisory
x_refsource_suse
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21465
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22417
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16570
Scores
EPSS
0.0351
EPSS Percentile
87.8%
Details
CWE
CWE-862
Status
published
Products (1)
linux/linux_kernel
2.6.14.4
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026