Launchpad.net

CVE 2008-4210

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008092...
MLIST: [oss-security] 2008092...
CONFIRM: http://bugzilla.kernel...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://www.kernel.org/...
CONFIRM: https://bugzilla.redha...
BID: 31368
CONFIRM: http://kernel.org/pub/...
REDHAT: RHSA-2008:0957
SECUNIA: 32485
REDHAT: RHSA-2008:0972
SECUNIA: 32799
SUSE: SUSE-SR:2008:025
UBUNTU: USN-679-1
SECUNIA: 32918
SECUNIA: 32759
SUSE: SUSE-SA:2008:057
REDHAT: RHSA-2008:0973
SUSE: SUSE-SA:2008:056
SECUNIA: 33201
REDHAT: RHSA-2008:0787
SECUNIA: 33280
DEBIAN: DSA-1653
SECUNIA: 32237
MANDRIVA: MDVSA-2008:220
SUSE: SUSE-SA:2008:051
SECUNIA: 32344
SECUNIA: 32356
XF: linux-kernel-open-priv...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2008-4210

Related bugs

References