Home > Vulnerability Database > CVE-2005-3623

Mend.io Vulnerability Database

CVE-2005-3623

Date: February 13, 2006

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.

Severity Score

5.3

Related Resources (14)

Url: http://www.novell.com/linux/security/advisories/2006_06_kernel.html

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm

Url: http://www.securityfocus.com/bid/16570

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-3623

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-3623

Url: http://www.redhat.com/support/errata/RHSA-2006-0575.html

Url: http://secunia.com/advisories/18788

Url: http://secunia.com/advisories/19038

Url: http://secunia.com/advisories/21465

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707

Url: http://lkml.org/lkml/2005/12/23/171

Url: http://secunia.com/advisories/22417

Url: http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html

Url: https://www.mend.io/vulnerability-database/CVE-2005-3623

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2005-3623

Date: February 13, 2006

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?