Upstream information
Description
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.NVD CVSS v2 Base Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Novell Bugzilla entry: 503353 SUSE Security Advisories:- SUSE-SA:2009:031, published Mon, 09 Jun 2009 09:00:00 +0000
- SUSE-SA:2009:038, published Thu, 23 Jul 2009 14:00:00 +0000
- SUSE-SA:2009:045, published Thu, 20 Aug 2009 13:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit |
| sles10-sp2-debuginfo.s390x sles10-sp2.s390x ZYPP Patch Nr: 6436 |
| SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit |
| sles10-sp2-debuginfo.s390x sles10-sp2.s390x ZYPP Patch Nr: 6436 |
| SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sled10-sp2.x86 sles10-sp2.x86 sles10-sp2-debuginfo.x86 sle10-sp2-sdk.x86 ZYPP Patch Nr: 6439 |
| SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86 |
| sled10-sp2.x86 sles10-sp2.x86 sles10-sp2-debuginfo.x86 sle10-sp2-sdk.x86 ZYPP Patch Nr: 6439 |
| SUSE Linux Enterprise Server 10 SP2 for x86 |
| sled10-sp2.x86 sles10-sp2.x86 sles10-sp2-debuginfo.x86 sle10-sp2-sdk.x86 ZYPP Patch Nr: 6439 |
| SUSE Linux Enterprise High Availability Extension 11 |
| sle11-sdk.x86-64 sle11-hae.x86-64 sle11-debuginfo.x86-64 sles11.x86-64 sled11.x86-64 SAT Patch Nr: 1087 |
| SUSE Linux Enterprise High Availability Extension 11 |
| sle11-hae.ia64 sles11.ia64 sle11-debuginfo.ia64 SAT Patch Nr: 1078 |
| SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF |
| sles10-sp2.ia64 sle10-sp2-sdk.ia64 sles10-sp2-debuginfo.ia64 ZYPP Patch Nr: 6441 |
| SUSE Linux Enterprise Server 10 SP2 for IPF |
| sles10-sp2.ia64 sle10-sp2-sdk.ia64 sles10-sp2-debuginfo.ia64 ZYPP Patch Nr: 6441 |
| SUSE Linux Enterprise High Availability Extension 11 |
| sle11-hae.s390x sles11.s390x sle11-debuginfo.s390x SAT Patch Nr: 1079 |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T |
| sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86-64 ZYPP Patch Nr: 6437 |
| SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T |
| sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86-64 ZYPP Patch Nr: 6437 |
| SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T |
| sled10-sp2.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86-64 ZYPP Patch Nr: 6437 |
| openSUSE 10.3 |
| |
| SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER |
| sles10-sp2-debuginfo.ppc sle10-sp2-sdk.ppc sles10-sp2.ppc ZYPP Patch Nr: 6435 |
| SUSE Linux Enterprise Server 10 SP2 for IBM POWER |
| sles10-sp2-debuginfo.ppc sle10-sp2-sdk.ppc sles10-sp2.ppc ZYPP Patch Nr: 6435 |
| SUSE Linux Enterprise High Availability Extension 11 |
| sle11-hae.ppc sle11-debuginfo.ppc sles11.ppc SAT Patch Nr: 1080 |
| SUSE Linux Enterprise High Availability Extension 11 |
| sled11.x86 sle11-hae.x86 sle11-debuginfo.x86 sle11-sdk.x86 sles11.x86 SAT Patch Nr: 1086 |