oss-sec mailing list archives
Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 25 Jun 2016 07:12:39 +0200
Hi David Sinquin reported that anyone may be able to grant themselves permissions to a file by setting the ACL. nfsd did not check permissions when setting ACLs. CVE-2016-1237 was assigned by the Debian security team for this issue were David Singuin initially reported the issue. The permission checks and inode locking were lost in a refactoring with commit 4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 which was in v3.14-rc1. The issue is fixed with commit 999653786df6954a31044528ac3f7a5dadca08f4 in Linus' tree. Introduced in: https://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 (v3.14-rc1) Prerequisite: https://git.kernel.org/linus/485e71e8fb6356c08c7fc6bcce4bf02c9a9a663f Fixed by https://git.kernel.org/linus/999653786df6954a31044528ac3f7a5dadca08f4 Regards, Salvatore
Attachment:
signature.asc
Description:
Current thread:
- Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it Salvatore Bonaccorso (Jun 24)