Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Redhat Redhat Enterprise_linux 权限许可和访问控制漏洞
Vulnerability Description
Red Hat Enterprise Linux (RHEL) 3版本的内核状态下的NFS客户端,当一个文件系统通过noacl操作加载(mounted)时,检查许可权限通过vfs_permission (mode bits) data的开放系统调用权限优先于NFS ACCESS访问调用服务,使本地客户进程从服务器开放访问中获得假的成功状况,并可能获得服务器文件许可的敏感信息,比如在一个root_squash环境中。
CVSS Information
N/A
Vulnerability Type
N/A