CVE-2016-1237 - Vulnerability Details - OpenCVE

nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4
http://www.debian.org/security/2016/dsa-3607
http://www.openwall.com/lists/oss-security/2016/06/25/2
http://www.securityfocus.com/bid/91456
http://www.ubuntu.com/usn/USN-3053-1
http://www.ubuntu.com/usn/USN-3070-1
http://www.ubuntu.com/usn/USN-3070-2
http://www.ubuntu.com/usn/USN-3070-3
http://www.ubuntu.com/usn/USN-3070-4
https://bugzilla.redhat.com/show_bug.cgi?id=1350845
https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4
https://nvd.nist.gov/vuln/detail/CVE-2016-1237
https://www.cve.org/CVERecord?id=CVE-2016-1237

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2016-06-29T14:00:00

Updated: 2024-08-05T22:48:13.629Z

Reserved: 2015-12-27T00:00:00

Link: CVE-2016-1237

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-06-29T14:10:01.457

Modified: 2024-11-21T02:46:00.700

Link: CVE-2016-1237

Redhat

Severity : Important

Publid Date: 2016-06-24T00:00:00Z

Links: CVE-2016-1237 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-25T00:00:00", "descriptions": [{"lang": "en", "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "USN-3070-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3070-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"}, {"name": "USN-3053-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"}, {"name": "USN-3070-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3070-3"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3070-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3070-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"}, {"name": "91456", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91456"}, {"name": "USN-3070-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3070-4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2016-1237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3070-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3070-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"}, {"name": "USN-3053-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"}, {"name": "USN-3070-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3070-3"}, {"name": "DSA-3607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3070-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3070-2"}, {"name": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"}, {"name": "91456", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91456"}, {"name": "USN-3070-4", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3070-4"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:48:13.629Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3070-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3070-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"}, {"name": "USN-3053-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"name": "[oss-security] 20160625 Linux CVE-2016-1237: nfsd: any user can set a file's ACL over NFS and grant access to it", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"}, {"name": "USN-3070-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3070-3"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-3070-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3070-2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"}, {"name": "91456", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91456"}, {"name": "USN-3070-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3070-4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1237", "datePublished": "2016-06-29T14:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.629Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC099084-12C9-4396-ABC7-F389CFAD871E", "versionEndIncluding": "4.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c."}, {"lang": "es", "value": "nfsd en el kernel de Linux hasta la versi\u00f3n 4.6.3 permite a usuarios locales eludir las restricciones destinadas al permiso de archivo ajustando una POSIX ACL relacionada con nfs2acl.c, nfs3acl.c y nfs4acl.c."}], "id": "CVE-2016-1237", "lastModified": "2024-11-21T02:46:00.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-29T14:10:01.457", "references": [{"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/91456"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-3070-1"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-3070-2"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-3070-3"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/USN-3070-4"}, {"source": "security@debian.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"}, {"source": "security@debian.org", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/06/25/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3070-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3070-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3070-3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3070-4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}