CVE-2009-1072

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

Date published : 2009-03-24

http://www.securityfocus.com/bid/34205

http://www.securityfocus.com/archive/1/507985/100/0/threaded