#VU92457 Improper access control in Linux kernel - CVE-2016-1237

Vulnerability identifier: #VU92457

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-1237

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access control error within the nfsd4_set_nfs4_acl() function in fs/nfsd/nfs4acl.c, within the nfsd3_proc_setacl() function in fs/nfsd/nfs3acl.c, within the nfsacld_proc_setacl() and posix_acl_release() functions in fs/nfsd/nfs2acl.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=999653786df6954a31044528ac3f7a5dadca08f4
https://www.debian.org/security/2016/dsa-3607
https://www.openwall.com/lists/oss-security/2016/06/25/2
https://www.securityfocus.com/bid/91456
https://www.ubuntu.com/usn/USN-3053-1
https://www.ubuntu.com/usn/USN-3070-1
https://www.ubuntu.com/usn/USN-3070-2
https://www.ubuntu.com/usn/USN-3070-3
https://www.ubuntu.com/usn/USN-3070-4
https://bugzilla.redhat.com/show_bug.cgi?id=1350845
https://github.com/torvalds/linux/commit/999653786df6954a31044528ac3f7a5dadca08f4

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.