CVE Vulnerabilities

CVE-2008-4210

Published: Sep 29, 2008 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.4.36.6 2.4.36.6
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.6.21.6 2.6.21.6
Linux_kernel Linux 2.4.36.2 2.4.36.2
Linux_kernel Linux 2.6.20.16 2.6.20.16
Linux_kernel Linux 2.6.19.4 2.6.19.4
Linux_kernel Linux 2.6.20.21 2.6.20.21
Linux_kernel Linux 2.4.36.1 2.4.36.1
Linux_kernel Linux 2.6.20.17 2.6.20.17
Linux_kernel Linux 2.6.21.5 2.6.21.5
Linux_kernel Linux 2.4.36.4 2.4.36.4
Linux_kernel Linux 2.6.20.20 2.6.20.20
Linux_kernel Linux 2.4.36.3 2.4.36.3
Linux_kernel Linux 2.6.20.18 2.6.20.18
Linux_kernel Linux 2.6.19.7 2.6.19.7
Linux_kernel Linux 2.6.20.19 2.6.20.19
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.4.36 2.4.36
Linux_kernel Linux 2.6.19.6 2.6.19.6
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.6.19.5 2.6.19.5
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.4.36.5 2.4.36.5
Linux_kernel Linux 2.2.27 2.2.27
Linux_kernel Linux * 2.6.21.7
Linux_kernel Linux 2.6.18 2.6.18
Linux_kernel Linux 2.6 2.6

References