ByteOS Network

NVD Vulnerability Details :

CVE-2005-3623

Deferred

Source-secalert@redhat.com

Published At-31 Dec, 2005 | 05:00

Updated At-03 Apr, 2025 | 01:03

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>2.6.14.4

cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-862	Primary	nvd@nist.gov

CWE ID: CWE-862

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html	secalert@redhat.com	Broken Link Patch
http://lkml.org/lkml/2005/12/23/171	secalert@redhat.com	Mailing List Patch
http://secunia.com/advisories/18788	secalert@redhat.com	Broken Link Patch Vendor Advisory
http://secunia.com/advisories/19038	secalert@redhat.com	Broken Link Patch Vendor Advisory
http://secunia.com/advisories/21465	secalert@redhat.com	Broken Link Vendor Advisory
http://secunia.com/advisories/22417	secalert@redhat.com	Broken Link Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm	secalert@redhat.com	Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_06_kernel.html	secalert@redhat.com	Broken Link Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0575.html	secalert@redhat.com	Broken Link
http://www.securityfocus.com/bid/16570	secalert@redhat.com	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707	secalert@redhat.com	Broken Link
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html	af854a3a-2127-422b-91ae-364da2661108	Broken Link Patch
http://lkml.org/lkml/2005/12/23/171	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch
http://secunia.com/advisories/18788	af854a3a-2127-422b-91ae-364da2661108	Broken Link Patch Vendor Advisory
http://secunia.com/advisories/19038	af854a3a-2127-422b-91ae-364da2661108	Broken Link Patch Vendor Advisory
http://secunia.com/advisories/21465	af854a3a-2127-422b-91ae-364da2661108	Broken Link Vendor Advisory
http://secunia.com/advisories/22417	af854a3a-2127-422b-91ae-364da2661108	Broken Link Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_06_kernel.html	af854a3a-2127-422b-91ae-364da2661108	Broken Link Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0575.html	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://www.securityfocus.com/bid/16570	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707	af854a3a-2127-422b-91ae-364da2661108	Broken Link