Vigil@nce: Linux kernel, privilege elevation via nfsd
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A NFS client can create special files via mknod().
Gravity: 1/4
Consequences: privileged access/rights
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 23/03/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The mknod() system call is used to create special files. The user
must have the CAP_MKNOD capability to be allowed to use it.
The CAP_NFSD_SET variable of linux/capability.h defines
capabilities left to the client by the nfsd daemon. However,
CAP_NFSD_SET does not suppress the CAP_MKNOD capability.
A NFS client can therefore create special files via mknod().
CHARACTERISTICS
Identifiers: BID-34205, VIGILANCE-VUL-8553
http://vigilance.fr/vulnerability/Linux-kernel-privilege-elevation-via-nfsd-8553