oss-sec mailing list archives
CVE request: kernel: issue with O_EXCL creates on NFSv4
From: Eugene Teo <eugeneteo () kernel sg>
Date: Mon, 21 Sep 2009 13:45:31 +0800
There is an issue with O_EXCL creates on NFSv4 that with enough attempts, it is possible for a lingering file from a failed create that is world-writable but only setuid execute as the user who is attempting these creates. Fortunately, root is not susceptible to this bug, so a setuid root file should not be possible. It might be possible to exploit this to gain access as another user though.
In-depth description/reproducer:
https://bugzilla.redhat.com/show_bug.cgi?id=524520#c0

Upstream commits:
http://git.kernel.org/linus/af85852d (fixed in v2.6.19-rc6)
http://git.kernel.org/linus/81ac95c5 (fixed in v2.6.19-rc6)
http://git.kernel.org/linus/79fb54ab (fixed in v2.6.30-rc1)

Thanks, Eugene
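An audit check for the symptom described in the message above, added here as an example and not part of the original post or of the kernel fix: it walks a directory tree (for instance an NFSv4 mount) and reports regular files that are both setuid and world-writable, with their owner. The function name and the choice of mode test are assumptions made for this illustration.

```python
import os
import stat
import sys


def find_writable_setuid(root):
    """Return sorted (path, owner_uid, mode) tuples for regular files under
    root that carry the setuid bit and are writable by everyone."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, devices, sockets, FIFOs
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_ISUID and mode & stat.S_IWOTH:
                hits.append((path, st.st_uid, mode))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python3 audit.py /path/to/nfs4/mount
    for path, uid, mode in find_writable_setuid(sys.argv[1]):
        print(f"{mode:04o} uid={uid} {path}")
```

Run it on the NFS server or on a client with the export mounted; any hit owned by an ordinary user deserves a look at how the file was created.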
