Описание
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
Отчет
This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 6, 7, and 8 as /var/lib/nfs directory is owned by root:root.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | nfs-utils | Out of support scope | ||
| Red Hat Enterprise Linux 6 | nfs-utils | Not affected | ||
| Red Hat Enterprise Linux 7 | nfs-utils | Not affected | ||
| Red Hat Enterprise Linux 8 | nfs-utils | Not affected |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...
9.8 Critical
CVSS3