oss-sec mailing list archives

Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 25 Jun 2016 07:12:39 +0200

Hi

David Sinquin reported that anyone may be able to grant themselves
permissions to a file by setting the ACL. nfsd did not check
permissions when setting ACLs.

CVE-2016-1237 was assigned by the Debian security team for this issue
were David Singuin initially reported the issue.

The permission checks and inode locking were lost in a refactoring
with commit 4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 which was in
v3.14-rc1.

The issue is fixed with commit
999653786df6954a31044528ac3f7a5dadca08f4 in Linus' tree.

Introduced in: https://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 (v3.14-rc1)

Prerequisite: https://git.kernel.org/linus/485e71e8fb6356c08c7fc6bcce4bf02c9a9a663f 

Fixed by https://git.kernel.org/linus/999653786df6954a31044528ac3f7a5dadca08f4 

Regards,
Salvatore

Attachment: signature.asc
Description:

Current thread:

Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it Salvatore Bonaccorso (Jun 24)