CVE-2005-3623
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 13 Feb 2006, 11:00
Last modified:07 Aug 2024, 23:17
Vulnerability Summary
Overall Risk (default)
low
20/100 CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
0.97% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
13 Feb 2006, 11:00
Published
Vulnerability first disclosed
07 Aug 2024, 23:17
Last Modified
Vulnerability information updated
Description
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
CVSS Metrics
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.97%• Percentile: 77%
Techniques & Countermeasures
- CWE-862•Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Affected Systems
- linux•linux_kernel
2.6.14.4
References (11)
- http://secunia.com/advisories/18788
- http://secunia.com/advisories/19038
- http://www.novell.com/linux/security/advisories/2006_06_kernel.html
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707
- http://lkml.org/lkml/2005/12/23/171
- http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html
- http://secunia.com/advisories/21465
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://secunia.com/advisories/22417
- http://www.securityfocus.com/bid/16570