CVE-2016-1237

Опубликовано: 24 июн. 2016

Источник: redhat

CVSS3: 7.8

CVSS2: 7.2

Описание

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL.

Отчет

This issue does not affect any of Red Hat's shipping products.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-863

https://bugzilla.redhat.com/show_bug.cgi?id=1350845kernel: Missing check for permissions when setting ACL

7.8 High

CVSS3

7.2 High

CVSS2

Связанные уязвимости

CVE-2016-1237

CVSS3: 5.5

ubuntu

больше 9 лет назад

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

CVE-2016-1237

CVSS3: 5.5

nvd

больше 9 лет назад

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

CVE-2016-1237

CVSS3: 5.5

debian

больше 9 лет назад

nfsd in the Linux kernel through 4.6.3 allows local users to bypass in ...

GHSA-r3gq-m2h3-69wv

CVSS3: 5.5

github

больше 3 лет назад

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

openSUSE-SU-2016:2290-1

suse-cvrf

больше 9 лет назад

Security update for the Linux Kernel

7.8 High

CVSS3

7.2 High

CVSS2