Upstream information

CVE-2009-3286 at MITRE

Description

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 4.6
  • Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entry: 541648 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-pae >= 0_2.6.27.23_0.1-7.1.7
  • ext4dev-kmp-ppc64 >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-vmi >= 0_2.6.27.23_0.1-7.1.7
  • ext4dev-kmp-xen >= 0_2.6.27.23_0.1-7.1.7
  • iscsitarget-kmp-default >= 0.4.15_2.6.27.54_0.2-94.14.8
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-default-man >= 2.6.27.23-0.1.1
  • kernel-kdump >= 2.6.27.39-0.3.1
  • kernel-pae >= 2.6.27.23-0.1.1
  • kernel-pae-base >= 2.6.27.23-0.1.1
  • kernel-ppc64 >= 2.6.27.39-0.3.1
  • kernel-ppc64-base >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
  • kernel-vmi >= 2.6.27.23-0.1.1
  • kernel-vmi-base >= 2.6.27.23-0.1.1
  • kernel-xen >= 2.6.27.23-0.1.1
  • kernel-xen-base >= 2.6.27.23-0.1.1
  • oracleasm-kmp-default >= 2.0.5_2.6.27.54_0.2-7.9.1
Patchnames:
slessp0-kernel
SUSE Linux Enterprise Server for SAP Applications 11
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-pae >= 0_2.6.27.23_0.1-7.1.7
  • ext4dev-kmp-ppc64 >= 0_2.6.27.23_0.1-7.1.7
  • ext4dev-kmp-vmi >= 0_2.6.27.23_0.1-7.1.7
  • ext4dev-kmp-xen >= 0_2.6.27.39_0.3-7.1.22
  • iscsitarget-kmp-default >= 0.4.15_2.6.27.54_0.2-94.14.8
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-default-man >= 2.6.27.23-0.1.1
  • kernel-kdump >= 2.6.27.23-0.1.1
  • kernel-pae >= 2.6.27.23-0.1.1
  • kernel-pae-base >= 2.6.27.23-0.1.1
  • kernel-ppc64 >= 2.6.27.23-0.1.1
  • kernel-ppc64-base >= 2.6.27.23-0.1.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
  • kernel-vmi >= 2.6.27.23-0.1.1
  • kernel-vmi-base >= 2.6.27.23-0.1.1
  • kernel-xen >= 2.6.27.39-0.3.1
  • kernel-xen-base >= 2.6.27.39-0.3.1
  • oracleasm-kmp-default >= 2.0.5_2.6.27.54_0.2-7.9.1
Patchnames:
slessp0-kernel
openSUSE 11.0
  • kernel-debug-debuginfo >= 2.6.25.20-0.6
  • kernel-debug-debugsource >= 2.6.25.20-0.6
  • kernel-default-debuginfo >= 2.6.25.20-0.6
  • kernel-default-debugsource >= 2.6.25.20-0.6
  • kernel-kdump-debuginfo >= 2.6.25.20-0.6
  • kernel-kdump-debugsource >= 2.6.25.20-0.6
  • kernel-pae-debuginfo >= 2.6.25.20-0.6
  • kernel-pae-debugsource >= 2.6.25.20-0.6
  • kernel-ppc64-debuginfo >= 2.6.25.20-0.6
  • kernel-ppc64-debugsource >= 2.6.25.20-0.6
  • kernel-ps3-debuginfo >= 2.6.25.20-0.6
  • kernel-ps3-debugsource >= 2.6.25.20-0.6
  • kernel-source-debuginfo >= 2.6.25.20-0.6
  • kernel-vanilla-debuginfo >= 2.6.25.20-0.6
  • kernel-vanilla-debugsource >= 2.6.25.20-0.6
  • kernel-xen-debuginfo >= 2.6.25.20-0.6
  • kernel-xen-debugsource >= 2.6.25.20-0.6
openSUSE 11.0
  • acerhk-kmp-debug >= 0.5.35_2.6.25.20_0.6-98.1
  • acx-kmp-debug >= 20080210_2.6.25.20_0.6-4.1
  • appleir-kmp-debug >= 1.1_2.6.25.20_0.6-108.1
  • at76_usb-kmp-debug >= 0.17_2.6.25.20_0.6-2.1
  • atl2-kmp-debug >= 2.0.4_2.6.25.20_0.6-4.1
  • aufs-kmp-debug >= cvs20080429_2.6.25.20_0.6-13.3
  • dazuko-kmp-debug >= 2.3.4.4_2.6.25.20_0.6-42.1
  • drbd-kmp-debug >= 8.2.6_2.6.25.20_0.6-0.2
  • gspcav-kmp-debug >= 01.00.20_2.6.25.20_0.6-1.1
  • iscsitarget-kmp-debug >= 0.4.15_2.6.25.20_0.6-63.1
  • ivtv-kmp-debug >= 1.0.3_2.6.25.20_0.6-66.1
  • kernel-debug >= 2.6.25.20-0.6
  • kernel-default >= 2.6.25.20-0.6
  • kernel-docs >= 2.6.25.20-0.6
  • kernel-kdump >= 2.6.25.20-0.6
  • kernel-pae >= 2.6.25.20-0.6
  • kernel-ppc64 >= 2.6.25.20-0.6
  • kernel-ps3 >= 2.6.25.20-0.6
  • kernel-source >= 2.6.25.20-0.6
  • kernel-syms >= 2.6.25.20-0.6
  • kernel-vanilla >= 2.6.25.20-0.6
  • kernel-xen >= 2.6.25.20-0.6
  • kqemu-kmp-debug >= 1.3.0pre11_2.6.25.20_0.6-7.1
  • nouveau-kmp-debug >= 0.10.1.20081112_2.6.25.20_0.6-0.4
  • omnibook-kmp-debug >= 20080313_2.6.25.20_0.6-1.1
  • pcc-acpi-kmp-debug >= 0.9_2.6.25.20_0.6-4.1
  • pcfclock-kmp-debug >= 0.44_2.6.25.20_0.6-207.1
  • tpctl-kmp-debug >= 4.17_2.6.25.20_0.6-189.1
  • uvcvideo-kmp-debug >= r200_2.6.25.20_0.6-2.4
  • virtualbox-ose-kmp-debug >= 1.5.6_2.6.25.20_0.6-33.5
  • vmware-kmp-debug >= 2008.04.14_2.6.25.20_0.6-21.1
  • wlan-ng-kmp-debug >= 0.2.8_2.6.25.20_0.6-107.1
SUSE Linux Enterprise High Availability Extension 11
  • cluster-network-kmp-default >= 1.4_2.6.27.39_0.3-2.1.22
  • cluster-network-kmp-xen >= 1.4_2.6.27.39_0.3-2.1.22
sle11-hae.x86-64
sled11.x86-64
sles11.x86-64
sle11-debuginfo.x86-64
SAT Patch Nr: 1581
SUSE Linux Enterprise Desktop 11 GA
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-default-extra >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
  • kernel-xen >= 2.6.27.39-0.3.1
  • kernel-xen-base >= 2.6.27.39-0.3.1
  • kernel-xen-extra >= 2.6.27.39-0.3.1
sle11-hae.x86-64
sled11.x86-64
sles11.x86-64
sle11-debuginfo.x86-64
SAT Patch Nr: 1581
SUSE Linux Enterprise Server 11 GA
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-xen >= 0_2.6.27.39_0.3-7.1.22
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
  • kernel-xen >= 2.6.27.39-0.3.1
  • kernel-xen-base >= 2.6.27.39-0.3.1
sle11-hae.x86-64
sled11.x86-64
sles11.x86-64
sle11-debuginfo.x86-64
SAT Patch Nr: 1581
SUSE Linux Enterprise Realtime 10 SP2
  • ib-bonding-kmp-rt >= 0.9.0_2.6.22.19_0.35-1.21.1
  • ib-bonding-kmp-rt_bigsmp >= 0.9.0_2.6.22.19_0.35-1.21.1
  • ib-bonding-kmp-rt_debug >= 0.9.0_2.6.22.19_0.35-1.21.1
  • ib-bonding-kmp-rt_timing >= 0.9.0_2.6.22.19_0.35-1.21.1
  • kernel-rt >= 2.6.22.19-0.35
  • kernel-rt_bigsmp >= 2.6.22.19-0.35
  • kernel-rt_debug >= 2.6.22.19-0.35
  • kernel-rt_timing >= 2.6.22.19-0.35
  • kernel-source >= 2.6.22.19-0.35
  • kernel-syms >= 2.6.22.19-0.35
  • ofed >= 1.3-0.33.4
  • ofed-cxgb3-NIC-kmp-rt >= 1.3_2.6.22.19_0.35-0.18.1
  • ofed-cxgb3-NIC-kmp-rt_bigsmp >= 1.3_2.6.22.19_0.35-0.18.1
  • ofed-cxgb3-NIC-kmp-rt_debug >= 1.3_2.6.22.19_0.35-0.18.1
  • ofed-cxgb3-NIC-kmp-rt_timing >= 1.3_2.6.22.19_0.35-0.18.1
  • ofed-doc >= 1.3-0.33.4
  • ofed-kmp-rt >= 1.3_2.6.22.19_0.35-0.33.4
  • ofed-kmp-rt_bigsmp >= 1.3_2.6.22.19_0.35-0.33.4
  • ofed-kmp-rt_debug >= 1.3_2.6.22.19_0.35-0.33.4
  • ofed-kmp-rt_timing >= 1.3_2.6.22.19_0.35-0.33.4
sles10-sp2.x86
sles10-sp2.x86-64
ZYPP Patch Nr: 6705
SUSE Linux Enterprise Realtime 10 SP2
  • ib-bonding-kmp-rt >= 0.9.0_2.6.22.19_0.35-1.21.1
  • ib-bonding-kmp-rt_debug >= 0.9.0_2.6.22.19_0.35-1.21.1
  • ib-bonding-kmp-rt_timing >= 0.9.0_2.6.22.19_0.35-1.21.1
  • kernel-rt >= 2.6.22.19-0.35
  • kernel-rt_debug >= 2.6.22.19-0.35
  • kernel-rt_timing >= 2.6.22.19-0.35
  • kernel-source >= 2.6.22.19-0.35
  • kernel-syms >= 2.6.22.19-0.35
  • ofed >= 1.3-0.33.4
  • ofed-cxgb3-NIC-kmp-rt >= 1.3_2.6.22.19_0.35-0.18.1
  • ofed-cxgb3-NIC-kmp-rt_debug >= 1.3_2.6.22.19_0.35-0.18.1
  • ofed-cxgb3-NIC-kmp-rt_timing >= 1.3_2.6.22.19_0.35-0.18.1
  • ofed-doc >= 1.3-0.33.4
  • ofed-kmp-rt >= 1.3_2.6.22.19_0.35-0.33.4
  • ofed-kmp-rt_debug >= 1.3_2.6.22.19_0.35-0.33.4
  • ofed-kmp-rt_timing >= 1.3_2.6.22.19_0.35-0.33.4
sles10-sp2.x86
sles10-sp2.x86-64
ZYPP Patch Nr: 6705
openSUSE 11.1
  • kernel-debug-debuginfo >= 2.6.27.39-0.2.1
  • kernel-debug-debugsource >= 2.6.27.39-0.2.1
  • kernel-default-debuginfo >= 2.6.27.39-0.2.1
  • kernel-default-debugsource >= 2.6.27.39-0.2.1
  • kernel-kdump-debuginfo >= 2.6.27.39-0.2.1
  • kernel-kdump-debugsource >= 2.6.27.39-0.2.1
  • kernel-pae-debuginfo >= 2.6.27.39-0.2.1
  • kernel-pae-debugsource >= 2.6.27.39-0.2.1
  • kernel-ppc64-debuginfo >= 2.6.27.39-0.2.1
  • kernel-ppc64-debugsource >= 2.6.27.39-0.2.1
  • kernel-ps3-debuginfo >= 2.6.27.39-0.2.1
  • kernel-ps3-debugsource >= 2.6.27.39-0.2.1
  • kernel-source-debuginfo >= 2.6.27.39-0.2.1
  • kernel-trace-debuginfo >= 2.6.27.39-0.2.1
  • kernel-trace-debugsource >= 2.6.27.39-0.2.1
  • kernel-vanilla-debuginfo >= 2.6.27.39-0.2.1
  • kernel-vanilla-debugsource >= 2.6.27.39-0.2.1
  • kernel-xen-debuginfo >= 2.6.27.39-0.2.1
  • kernel-xen-debugsource >= 2.6.27.39-0.2.1
openSUSE 11.1
  • kernel-debug >= 2.6.27.39-0.2.1
  • kernel-debug-base >= 2.6.27.39-0.2.1
  • kernel-debug-extra >= 2.6.27.39-0.2.1
  • kernel-default >= 2.6.27.39-0.2.1
  • kernel-default-base >= 2.6.27.39-0.2.1
  • kernel-default-extra >= 2.6.27.39-0.2.1
  • kernel-docs >= 2.6.3-3.13.66
  • kernel-kdump >= 2.6.27.39-0.2.1
  • kernel-pae >= 2.6.27.39-0.2.1
  • kernel-pae-base >= 2.6.27.39-0.2.1
  • kernel-pae-extra >= 2.6.27.39-0.2.1
  • kernel-ppc64 >= 2.6.27.39-0.2.1
  • kernel-ppc64-base >= 2.6.27.39-0.2.1
  • kernel-ppc64-extra >= 2.6.27.39-0.2.1
  • kernel-ps3 >= 2.6.27.39-0.2.1
  • kernel-source >= 2.6.27.39-0.2.1
  • kernel-syms >= 2.6.27.39-0.2.1
  • kernel-trace >= 2.6.27.39-0.2.1
  • kernel-trace-base >= 2.6.27.39-0.2.1
  • kernel-trace-extra >= 2.6.27.39-0.2.1
  • kernel-vanilla >= 2.6.27.39-0.2.1
  • kernel-xen >= 2.6.27.39-0.2.1
  • kernel-xen-base >= 2.6.27.39-0.2.1
  • kernel-xen-extra >= 2.6.27.39-0.2.1
SUSE Linux Enterprise High Availability Extension 11
  • cluster-network-kmp-default >= 1.4_2.6.27.39_0.3-2.1.22
sle11-hae.ppc
sle11-debuginfo.ppc
sles11.ppc
SAT Patch Nr: 1590
SUSE Linux Enterprise Server 11 GA
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-ppc64 >= 0_2.6.27.39_0.3-7.1.22
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-kdump >= 2.6.27.39-0.3.1
  • kernel-ppc64 >= 2.6.27.39-0.3.1
  • kernel-ppc64-base >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
sle11-hae.ppc
sle11-debuginfo.ppc
sles11.ppc
SAT Patch Nr: 1590
SUSE Linux Enterprise High Availability Extension 11
  • cluster-network-kmp-default >= 1.4_2.6.27.39_0.3-2.1.22
  • cluster-network-kmp-pae >= 1.4_2.6.27.39_0.3-2.1.22
  • cluster-network-kmp-xen >= 1.4_2.6.27.39_0.3-2.1.22
sle11-debuginfo.x86
sles11.x86
sled11.x86
sle11-hae.x86
SAT Patch Nr: 1588
SUSE Linux Enterprise Desktop 11 GA
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-default-extra >= 2.6.27.39-0.3.1
  • kernel-pae >= 2.6.27.39-0.3.1
  • kernel-pae-base >= 2.6.27.39-0.3.1
  • kernel-pae-extra >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
  • kernel-xen >= 2.6.27.39-0.3.1
  • kernel-xen-base >= 2.6.27.39-0.3.1
  • kernel-xen-extra >= 2.6.27.39-0.3.1
sle11-debuginfo.x86
sles11.x86
sled11.x86
sle11-hae.x86
SAT Patch Nr: 1588
SUSE Linux Enterprise Server 11 GA
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-pae >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-vmi >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-xen >= 0_2.6.27.39_0.3-7.1.22
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-pae >= 2.6.27.39-0.3.1
  • kernel-pae-base >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
  • kernel-vmi >= 2.6.27.39-0.3.1
  • kernel-vmi-base >= 2.6.27.39-0.3.1
  • kernel-xen >= 2.6.27.39-0.3.1
  • kernel-xen-base >= 2.6.27.39-0.3.1
sle11-debuginfo.x86
sles11.x86
sled11.x86
sle11-hae.x86
SAT Patch Nr: 1588
SUSE Linux Enterprise High Availability Extension 11
  • cluster-network-kmp-default >= 1.4_2.6.27.39_0.3-2.1.22
sle11-hae.ia64
sle11-debuginfo.ia64
sles11.ia64
SAT Patch Nr: 1589
SUSE Linux Enterprise Server 11 GA
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
sle11-hae.ia64
sle11-debuginfo.ia64
sles11.ia64
SAT Patch Nr: 1589
SUSE Linux Enterprise High Availability Extension 11
  • cluster-network-kmp-default >= 1.4_2.6.27.39_0.3-2.1.22
sles11.s390x
sle11-debuginfo.s390x
sle11-hae.s390x
SAT Patch Nr: 1591
SUSE Linux Enterprise Server 11 GA
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-default-man >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
sles11.s390x
sle11-debuginfo.s390x
sle11-hae.s390x
SAT Patch Nr: 1591