Unrated severityNVD Advisory· Published May 14, 2009· Updated Jun 16, 2026

CVE-2009-1630

Description

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Linux/Kernel2 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=2.6.29.3
- (no CPE)range: <=2.6.29.3
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
VMware/Esx4 versions
cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

bugzilla.linux-nfs.org/show_bug.cginvdIssue TrackingPatchThird Party Advisory
www.vmware.com/security/advisories/VMSA-2009-0016.htmlnvdPatchThird Party Advisory
article.gmane.org/gmane.linux.nfs/26592nvdExploit
www.openwall.com/lists/oss-security/2009/05/13/2nvdExploitMailing ListThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingPatchThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.htmlnvdMailing ListThird Party Advisory
www.debian.org/security/2009/dsa-1809nvdThird Party Advisory
www.debian.org/security/2009/dsa-1844nvdThird Party Advisory
www.debian.org/security/2009/dsa-1865nvdThird Party Advisory
www.securityfocus.com/archive/1/505254/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/507985/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/34934nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-793-1nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8543nvdThird Party Advisory
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9990nvdThird Party Advisory
linux-nfs.org/pipermail/nfsv4/2006-November/005313.htmlnvdBroken Link
linux-nfs.org/pipermail/nfsv4/2006-November/005323.htmlnvdBroken Link
secunia.com/advisories/35106nvdBroken Link
secunia.com/advisories/35298nvdBroken Link
secunia.com/advisories/35394nvdBroken Link
secunia.com/advisories/35656nvdBroken Link
secunia.com/advisories/35847nvdBroken Link
secunia.com/advisories/36051nvdBroken Link
secunia.com/advisories/36327nvdBroken Link
secunia.com/advisories/37471nvdBroken Link
wiki.rpath.com/Advisories:rPSA-2009-0111nvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.redhat.com/support/errata/RHSA-2009-1157.htmlnvdBroken Link
www.vupen.com/english/advisories/2009/1331nvdBroken Link
www.vupen.com/english/advisories/2009/3316nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000