CVE-2005-3623

Linux Kernel 2.6.14.4 - Missing Authorization for NFS ACL Modification

Title source: llm
STIX 2.1

Description

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

References (11)

Core 11
Core References
Broken Link, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18788
Broken Link, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19038
Broken Link, Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_06_kernel.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0575.html
Mailing List, Patch x_refsource_misc
http://lkml.org/lkml/2005/12/23/171
Broken Link, Patch vendor-advisory x_refsource_suse
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21465
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22417
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16570

Scores

EPSS 0.0351
EPSS Percentile 87.8%

Details

CWE
CWE-862
Status published
Products (1)
linux/linux_kernel 2.6.14.4
Published Dec 31, 2005
Tracked Since Feb 18, 2026