CVE-2005-3623

Linux Kernel - Missing Authorization

Title source: rule

Description

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

References (11)

[Broken Link, Patch] http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html

[Mailing List, Patch] http://lkml.org/lkml/2005/12/23/171

[Broken Link, Patch, Vendor Advisory] http://secunia.com/advisories/18788

[Broken Link, Patch, Vendor Advisory] http://secunia.com/advisories/19038

[Broken Link, Vendor Advisory] http://secunia.com/advisories/21465

[Broken Link, Vendor Advisory] http://secunia.com/advisories/22417

[Third Party Advisory] http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm

[Broken Link, Vendor Advisory] http://www.novell.com/linux/security/advisories/2006_06_kernel.html

[Broken Link] http://www.redhat.com/support/errata/RHSA-2006-0575.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16570

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707

Scores

EPSS 0.0097

EPSS Percentile 76.3%

Classification

CWE

CWE-862

Status draft

Affected Products (1)

linux/linux_kernel

Timeline

Published Dec 31, 2005

Tracked Since Feb 18, 2026