Candidate: CVE-2009-3286
PublicDate: 2009-09-22 10:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286
 http://www.openwall.com/lists/oss-security/2009/09/21/2
 https://ubuntu.com/security/notices/USN-852-1
Description:
 NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not
 properly clean up an inode when an O_EXCL create fails, which causes files
 to be created with insecure settings such as setuid bits, and possibly
 allows local users to gain privileges, related to the execution of the
 do_open_permission function even when a create fails.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=524520
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.19~rc6)
dapper_linux-source-2.6.15: released (2.6.15-55.80)
hardy_linux-source-2.6.15: DNE
intrepid_linux-source-2.6.15: DNE
jaunty_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
 break-fix: - 81ac95c5569d7a60ab5db6c1ccec56c12b3ebcb5
upstream_linux: released (2.6.19~rc6)
dapper_linux: DNE
hardy_linux: released (2.6.24-25.63)
intrepid_linux: released (2.6.27-15.43)
jaunty_linux: released (2.6.28-16.55)
devel_linux: not-affected