retire issue

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1708 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 19 insertions, 0 deletions

diff --git a/retired/CVE-2009-3286 b/retired/CVE-2009-3286
new file mode 100644
index 00000000..7a8e888d
--- /dev/null
+++ b/retired/CVE-2009-3286
@@ -0,0 +1,19 @@
+Candidate: CVE-2009-3286
+Description:
+ There is an issue with O_EXCL creates on NFSv4 that with enough 
+ attempts, it is possible for a lingering file from a failed create that 
+ is world-writable but only setuid execute as the user who is attempting 
+ these creates. Fortunately, root is not susceptible to this bug, so a 
+ setuid root file should not be possible. It might be possible to exploit 
+ this to gain access as another user though.
+References:
+ http://www.openwall.com/lists/oss-security/2009/09/21/2
+ https://bugzilla.redhat.com/show_bug.cgi?id=524520#c0
+Ubuntu-Description:
+Notes:
+Bugs:
+upstream: released (2.6.30-rc1) [79fb54ab]
+linux-2.6: released (2.6.30-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-26etch1) [bugfix/all/nfsd4-reindent-do_open_lookup.patch, bugfix/all/nfsd4-fix-open-create-permissions.patch, bugfix/all/nfsd4-de-union-iattr-and-verf.patch]
+2.6.24-etch-security: released (2.6.24-6~etchnhalf.9etch1) [bugfix/all/nfsd4-de-union-iattr-and-verf.patch]
+2.6.26-lenny-security: released (2.6.26-19lenny1) [bugfix/all/nfsd4-de-union-iattr-and-verf.patch]