CVE-2009-2657

{"id": "CVE-2009-2657", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-08-04T16:30:00.390", "references": [{"url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed", "source": "cve@mitre.org"}, {"url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15", "source": "cve@mitre.org"}, {"url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2009/07/24/4", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=505374", "source": "cve@mitre.org"}, {"url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2009/07/24/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=505374", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2."}, {"lang": "es", "value": "nilfs-utils anterior a v2.0.14 instala multiples programas con privilegios setuid innecesarios, lo que permite a usuarios locales ejecutar comandos de su elecci\u00f3n mediante la cadena de dispositivo en una opci\u00f3n -c de l\u00ednea de comandos en mkfs.nilfs2."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nilf:nilfs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0525D730-AA3E-476D-8C4B-06429C2BF656", "versionEndIncluding": "2.0.13"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3197F3B-BFC1-4E49-93CE-6905F37E5B12"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14D3B8DD-4807-4AE4-AF9E-5787ABDA4F07"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F3928D-EF65-4AC4-8434-5CD365D26BB2"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B15AA866-D57A-4160-A8A4-484780324708"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66F8B68C-20DB-47B7-A08D-EE751B3E0014"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0457D2C4-1692-4FEA-BCBA-C28ED551E2C4"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4ABDCB1F-ED12-4352-927D-C1FA8F23E654"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA43728F-6636-4F00-83E6-E9BDAF37675F"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6839A468-7AAB-49D3-800E-164026FBC37E"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E25E1D19-2054-458A-BBD8-AC3A40046ED6"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ABD520E-589D-4B0E-8162-62103355DFA5"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B65C6883-5251-44C2-B679-82D188BBA098"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DC8FF77-9C3F-482F-81D9-BBE4F6E21575"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BD4B5E6-71C7-4B13-81CF-A97A8469DE75"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E0B3B0-698E-4043-AB20-4CAC9040E579"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACF0A49D-AC5D-4E5D-968D-6ABC9832DA4F"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E15571B4-6A8F-49EE-BDAA-E00F9BD683F3"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C15CA21D-CB9B-4F3F-AB5C-FC202243FDC5"}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81DD2FBA-834C-4646-95C1-FAF96DBC54C1"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E477B65-24C6-4A13-A31F-AB28DA67D64E"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4104B28-C1FC-40AB-A56E-7E35A06FB144"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD8DC56-05B1-4013-BB88-653EF4845594"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602DAD58-1B2A-413F-996E-7F6F8259B248"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B24056A-1D69-4F72-B935-A9C993229B44"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F2851A8-46FB-41E2-A814-B791F0DB0407"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7723F3C-0662-42F3-B867-F2B212B0DE4B"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8E10C3B-653A-467B-9784-7ACA8221A10F"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72093057-2DD7-415F-9C95-E8AFE76EC14A"}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC8EBF46-845F-4706-87C2-51139CD7D852"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}