{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:24:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7"}, {"name": "[oss-security] 20090724 nilfs-utils privilege escalation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/07/24/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=505374"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2657", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15", "refsource": "CONFIRM", "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15"}, {"name": "http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=5c95a57102e23e6982467cbe23e922450d3f38ed", "refsource": "CONFIRM", "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=5c95a57102e23e6982467cbe23e922450d3f38ed"}, {"name": "http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=d807e1c968c1f288486fb7d6f817434838fc12f7", "refsource": "CONFIRM", "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git;a=commitdiff;h=d807e1c968c1f288486fb7d6f817434838fc12f7"}, {"name": "[oss-security] 20090724 nilfs-utils privilege escalation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/07/24/4"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=505374", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=505374"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2657", "datePublished": "2022-10-03T16:24:05", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:24:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nilf:nilfs:*:*:*:*:*:*:*:*", "matchCriteriaId": "0525D730-AA3E-476D-8C4B-06429C2BF656", "versionEndIncluding": "2.0.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3197F3B-BFC1-4E49-93CE-6905F37E5B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "14D3B8DD-4807-4AE4-AF9E-5787ABDA4F07", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A5F3928D-EF65-4AC4-8434-5CD365D26BB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B15AA866-D57A-4160-A8A4-484780324708", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "66F8B68C-20DB-47B7-A08D-EE751B3E0014", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0457D2C4-1692-4FEA-BCBA-C28ED551E2C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4ABDCB1F-ED12-4352-927D-C1FA8F23E654", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "AA43728F-6636-4F00-83E6-E9BDAF37675F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6839A468-7AAB-49D3-800E-164026FBC37E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E25E1D19-2054-458A-BBD8-AC3A40046ED6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "9ABD520E-589D-4B0E-8162-62103355DFA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "B65C6883-5251-44C2-B679-82D188BBA098", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "7DC8FF77-9C3F-482F-81D9-BBE4F6E21575", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "8BD4B5E6-71C7-4B13-81CF-A97A8469DE75", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "51E0B3B0-698E-4043-AB20-4CAC9040E579", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "ACF0A49D-AC5D-4E5D-968D-6ABC9832DA4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "E15571B4-6A8F-49EE-BDAA-E00F9BD683F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C15CA21D-CB9B-4F3F-AB5C-FC202243FDC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "81DD2FBA-834C-4646-95C1-FAF96DBC54C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E477B65-24C6-4A13-A31F-AB28DA67D64E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4104B28-C1FC-40AB-A56E-7E35A06FB144", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AAD8DC56-05B1-4013-BB88-653EF4845594", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "602DAD58-1B2A-413F-996E-7F6F8259B248", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B24056A-1D69-4F72-B935-A9C993229B44", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F2851A8-46FB-41E2-A814-B791F0DB0407", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C7723F3C-0662-42F3-B867-F2B212B0DE4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D8E10C3B-653A-467B-9784-7ACA8221A10F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "72093057-2DD7-415F-9C95-E8AFE76EC14A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nilf:nilfs:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "DC8EBF46-845F-4706-87C2-51139CD7D852", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nilfs-utils before 2.0.14 installs multiple programs with unnecessary setuid privileges, which allows local users to execute arbitrary commands via the device string in a -c command line option to mkfs.nilfs2."}, {"lang": "es", "value": "nilfs-utils anterior a v2.0.14 instala multiples programas con privilegios setuid innecesarios, lo que permite a usuarios locales ejecutar comandos de su elecci\u00f3n mediante la cadena de dispositivo en una opci\u00f3n -c de l\u00ednea de comandos en mkfs.nilfs2."}], "id": "CVE-2009-2657", "lastModified": "2023-11-07T02:04:11.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-04T16:30:00.390", "references": [{"source": "cve@mitre.org", "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=5c95a57102e23e6982467cbe23e922450d3f38ed"}, {"source": "cve@mitre.org", "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=a5cb60e624e4863c8d6feaf2ea8791abb48d6f15"}, {"source": "cve@mitre.org", "url": "http://www.nilfs.org/git/?p=nilfs2-utils.git%3Ba=commitdiff%3Bh=d807e1c968c1f288486fb7d6f817434838fc12f7"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/07/24/4"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=505374"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}