1. Home
  2. Vulnerabilities
  3. CVE-2009-1072

CVE-2009-1072

CVSS v2.0 4.9 (Medium)
49% Progress
EPSS 96.59 % (100th)
96.59% Progress
Affected Products 13
Advisories 2
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

Weaknesses
CWE-16
Configuration
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2009-03-25 01:30:00
(15 years ago)
Updated Date
2023-11-07 02:03:48
(10 months ago)

Affected Products

Canonical

Debian

Linux

Microsoft

Opensuse

Redhat

Suse

Vmware

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 2.6.28.9 version cpe:2.3:o:linux:linux_kernel < 2.6.28.9

Configuration #2

    CPE23 From Up To
  Opensuse 10.3 cpe:2.3:o:opensuse:opensuse:10.3
  Opensuse 11.0 cpe:2.3:o:opensuse:opensuse:11.0
  Opensuse 11.1 cpe:2.3:o:opensuse:opensuse:11.1
  Suse Linux Enterprise Desktop 10 SP2 cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2
  Suse Linux Enterprise Server 10 SP2 cpe:2.3:o:suse:linux_enterprise_server:10:sp2

Configuration #3

    CPE23 From Up To
  Debian Linux 4.0 cpe:2.3:o:debian:debian_linux:4.0
  Debian Linux 5.0 cpe:2.3:o:debian:debian_linux:5.0

Configuration #4

    CPE23 From Up To
  Canonical Ubuntu Linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06
  Canonical Ubuntu Linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04
  Canonical Ubuntu Linux 8.10 cpe:2.3:o:canonical:ubuntu_linux:8.10
  Canonical Ubuntu Linux 9.04 cpe:2.3:o:canonical:ubuntu_linux:9.04

Configuration #5

AND
    CPE23 From Up To
OR  
  Vmware Vcenter Server 4.0 cpe:2.3:a:vmware:vcenter_server:4.0:-
OR  
  Running on/with
  Vmware Virtualcenter 2.0.2 cpe:2.3:a:vmware:virtualcenter:2.0.2
OR  
  Running on/with
  Vmware Virtualcenter 2.5 cpe:2.3:a:vmware:virtualcenter:2.5
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows:-

Configuration #6

    CPE23 From Up To
  Vmware Server 2.0.0 cpe:2.3:a:vmware:server:2.0.0
  Vmware Esx 3.0.3 cpe:2.3:o:vmware:esx:3.0.3
  Vmware Esx 3.5 cpe:2.3:o:vmware:esx:3.5
  Vmware Esx 4.0 cpe:2.3:o:vmware:esx:4.0

Configuration #7

AND
    CPE23 From Up To
OR  
  Vmware Vma 4.0 cpe:2.3:a:vmware:vma:4.0
OR  
  Running on/with
  Redhat Enterprise Linux 5.0 cpe:2.3:o:redhat:enterprise_linux:5.0