CVE - CVE-2008-4210

CVE-ID
CVE-2008-4210	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20080924 CVE request: kernel: open() call allows setgid bit when user is not in new file's group URL:http://www.openwall.com/lists/oss-security/2008/09/24/5 MLIST:[oss-security] 20080924 Re: CVE request: kernel: open() call allows setgid bit when user is not in new file's group URL:http://www.openwall.com/lists/oss-security/2008/09/24/8 CONFIRM:http://bugzilla.kernel.org/show_bug.cgi?id=8420 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=463661 CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 DEBIAN:DSA-1653 URL:http://www.debian.org/security/2008/dsa-1653 MANDRIVA:MDVSA-2008:220 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:220 REDHAT:RHSA-2008:0957 URL:http://www.redhat.com/support/errata/RHSA-2008-0957.html REDHAT:RHSA-2008:0972 URL:http://rhn.redhat.com/errata/RHSA-2008-0972.html REDHAT:RHSA-2008:0973 URL:http://www.redhat.com/support/errata/RHSA-2008-0973.html REDHAT:RHSA-2008:0787 URL:http://www.redhat.com/support/errata/RHSA-2008-0787.html SUSE:SUSE-SR:2008:025 URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html SUSE:SUSE-SA:2008:057 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html SUSE:SUSE-SA:2008:056 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html SUSE:SUSE-SA:2008:051 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html UBUNTU:USN-679-1 URL:http://www.ubuntu.com/usn/usn-679-1 BID:31368 URL:http://www.securityfocus.com/bid/31368 OVAL:oval:org.mitre.oval:def:6386 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386 OVAL:oval:org.mitre.oval:def:9511 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511 SECUNIA:32485 URL:http://secunia.com/advisories/32485 SECUNIA:32799 URL:http://secunia.com/advisories/32799 SECUNIA:32918 URL:http://secunia.com/advisories/32918 SECUNIA:32759 URL:http://secunia.com/advisories/32759 SECUNIA:33201 URL:http://secunia.com/advisories/33201 SECUNIA:33280 URL:http://secunia.com/advisories/33280 SECUNIA:32237 URL:http://secunia.com/advisories/32237 SECUNIA:32344 URL:http://secunia.com/advisories/32344 SECUNIA:32356 URL:http://secunia.com/advisories/32356 XF:linux-kernel-open-privilege-escalation(45539) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45539
Assigning CNA
N/A
Date Entry Created
20080924	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080924)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org