oss-sec mailing list archives
Re: CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 24 Mar 2009 20:21:27 -0400 (EDT)
====================================================== Name: CVE-2009-1072 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 Reference: MLIST:[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK? Reference: URL:http://thread.gmane.org/gmane.linux.kernel/805280 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911 Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 Reference: SECUNIA:34422 Reference: URL:http://secunia.com/advisories/34422 Reference: SECUNIA:34432 Reference: URL:http://secunia.com/advisories/34432 Reference: VUPEN:ADV-2009-0802 Reference: URL:http://www.vupen.com/english/advisories/2009/0802 Reference: XF:linux-kernel-capmknod-security-bypass(49356) Reference: URL:http://xforce.iss.net/xforce/xfdb/49356 nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
Current thread:
- CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root Eugene Teo (Mar 22)
- Re: CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root Steven M. Christey (Mar 24)