Date: Tue, 24 Mar 2009 20:21:27 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root ====================================================== Name: CVE-2009-1072 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 Reference: MLIST:[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK? Reference: URL:http://thread.gmane.org/gmane.linux.kernel/805280 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911 Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-22.214.171.124 Reference: SECUNIA:34422 Reference: URL:http://secunia.com/advisories/34422 Reference: SECUNIA:34432 Reference: URL:http://secunia.com/advisories/34432 Reference: VUPEN:ADV-2009-0802 Reference: URL:http://www.vupen.com/english/advisories/2009/0802 Reference: XF:linux-kernel-capmknod-security-bypass(49356) Reference: URL:http://xforce.iss.net/xforce/xfdb/49356 nfsd in the Linux kernel before 126.96.36.199 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.