Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-1999-0084

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 1 week ago
@LeSuisse removed
15 packages
- python312Packages.pynfsclient
- perl538Packages.FileNFSLock
- perl5Packages.FileNFSLock
- perlPackages.FileNFSLock
- mkinitcpio-nfs-utils
- nfs-ganesha
- nfs-utils
- openfst
- unfs3
- libnfs
- svnfs
- nfstrace
- unionfs-fuse
- coqPackages.InfSeqExt
- perl540Packages.FileNFSLock
1 month ago
@LeSuisse dismissed 1 month ago

Certain NFS servers allow users to use mknod to gain …

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

References

nfs-mknod(78) vdb-entry x_refsource_XF
nfs-mknod(78) vdb-entry x_refsource_XF x_transferred
nfs-mknod(78) vdb-entry x_refsource_XF
nfs-mknod(78) vdb-entry x_refsource_XF x_transferred

Affected products

n/a

==n/a

nfs

<4.1.3

Old issue. Unclear what was impacted but it is very unlikely something in the current stable branch is.