CVE-2007-6733 - The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX lock

CVE-2007-6733

Summary

The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on an NFS filesystem and then changing this file's permissions, a related issue to CVE-2010-0727.

References

http://rhn.redhat.com/errata/RHBA-2007-0304.html
https://bugzilla.redhat.com/show_bug.cgi?id=218777
https://bugzilla.redhat.com/show_bug.cgi?id=570863

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*

CVSS

Base:	4.7 (as of 19-03-2012 - 04:00)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:N/A:C

redhat via4

advisories

rhsa

id	RHBA-2007-0304

refmap via4

confirm

https://bugzilla.redhat.com/show_bug.cgi?id=218777
https://bugzilla.redhat.com/show_bug.cgi?id=570863

Last major update

19-03-2012 - 04:00

Published

16-03-2010 - 19:30

Last modified

19-03-2012 - 04:00