CVE-2005-3623
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2005
Last modified:
03/04/2025
Description
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
- http://lkml.org/lkml/2005/12/23/171
- http://secunia.com/advisories/18788
- http://secunia.com/advisories/19038
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/22417
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.novell.com/linux/security/advisories/2006_06_kernel.html
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.securityfocus.com/bid/16570
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707
- http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
- http://lkml.org/lkml/2005/12/23/171
- http://secunia.com/advisories/18788
- http://secunia.com/advisories/19038
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/22417
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.novell.com/linux/security/advisories/2006_06_kernel.html
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.securityfocus.com/bid/16570
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707