Total vulnerabilities in the database
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | - | 2.6.29.3.x |
| opensuse / opensuse | 11.1 | 11.1.x |
| opensuse / opensuse | 11.0 | 11.0.x |
| debian / debian_linux | 5.0 | 5.0.x |
| debian / debian_linux | 4.0 | 4.0.x |
| canonical / ubuntu_linux | 9.04 | 9.04.x |
| canonical / ubuntu_linux | 8.10 | 8.10.x |
| canonical / ubuntu_linux | 8.04 | 8.04.x |
| canonical / ubuntu_linux | 6.06 | 6.06.x |
| vmware / esx | 3.5 | 3.5.x |
| vmware / esx | 4.0 | 4.0.x |
| vmware / esx | 2.5.5 | 2.5.5.x |
| vmware / esx | 3.0.3 | 3.0.3.x |