Vulnerability in Linux Linux_kernel
CVE-2009-1072
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the ro…
EPSS: 0.004 (34.0th percentile) — read the EPSS interpretation.
Affected products
- Linux Linux_kernel
- Microsoft Windows
- Vmware Esx — versions 3.0.3, 3.5, 4.0
- Vmware Server — versions 2.0.0
- Vmware Vcenter_server — versions 4.0
- Vmware Virtualcenter — versions 2.0.2, 2.5
- Vmware Vma — versions 4.0
- Canonical Ubuntu_linux — versions 6.06, 8.04, 8.10
- Debian Debian_linux — versions 4.0, 5.0
- Opensuse — versions 10.3, 11.0, 11.1
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- cve@mitre.org (vdb-entry, Broken Link, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- cve@mitre.org (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- cve@mitre.org (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- cve@mitre.org (x_refsource_SECUNIA, Broken Link, third-party-advisory)