CVE - CVE-2009-4131

CVE-ID
CVE-2009-4131	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:37277 URL:http://www.securityfocus.com/bid/37277 MISC:37658 URL:http://secunia.com/advisories/37658 MISC:37686 URL:http://secunia.com/advisories/37686 MISC:38017 URL:http://secunia.com/advisories/38017 MISC:ADV-2009-3468 URL:~~http://www.vupen.com/english/advisories/2009/3468~~ (Obsolete source) MISC:FEDORA-2009-13039 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00702.html MISC:MDVSA-2009:329 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:329~~ (Obsolete source) MISC:SUSE-SA:2010:001 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html MISC:USN-869-1 URL:http://www.ubuntu.com/usn/USN-869-1 MISC:[linux-kernel] 20091209 [GIT PULL] ext4 updates for v2.6.33 URL:http://lkml.org/lkml/2009/12/9/255 MISC:http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git%3Ba=commit%3Bh=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6 URL:http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git%3Ba=commit%3Bh=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6 MISC:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log URL:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log MISC:http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/ URL:http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/ MISC:https://bugzilla.redhat.com/show_bug.cgi?id=544471 URL:https://bugzilla.redhat.com/show_bug.cgi?id=544471
Assigning CNA
Red Hat, Inc.
Date Record Created
20091201	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091201)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)