CVE-2008-4210

Severity

46%

Complexity

39%

Confidentiality

106%

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 16 years ago

2008-09-29 17:17:00

Last updated 7 years ago

2017-09-29 01:32:00

Affected Software

Linux Kernel 2.6.18

2.6.18

Linux Kernel 2.6.18 Release Candidate 1

2.6.18

Linux Kernel 2.6.18 Release Candidate 2

2.6.18

Linux Kernel 2.6.18 Release Candidate 3

2.6.18

Linux Kernel 2.6.18 Release Candidate 4

2.6.18

Linux Kernel 2.6.18 Release Candidate 5

2.6.18

Linux Kernel 2.6.18 Release Candidate 6

2.6.18

Linux Kernel 2.6.18 Release Candidate 7

2.6.18

Linux Kernel 2.6.19.4

2.6.19.4

Linux Kernel 2.6.19.5

2.6.19.5

Linux Kernel 2.6.19.6

2.6.19.6

Linux Kernel 2.6.19.7

2.6.19.7

Linux Kernel 2.6.20.16

2.6.20.16

Linux Kernel 2.6.20.17

2.6.20.17

Linux Kernel 2.6.20.18

2.6.20.18

Linux Kernel 2.6.20.19

2.6.20.19

Linux Kernel 2.6.20.20

2.6.20.20

Linux Kernel 2.6.20.21

2.6.20.21

Linux Kernel 2.6.21.5

2.6.21.5

Linux Kernel 2.6.21.6

2.6.21.6

Linux Kernel

References

http://bugzilla.kernel.org/show_bug.cgi?id=8420

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

SUSE-SA:2008:051

SUSE-SR:2008:025

SUSE-SA:2008:056

SUSE-SA:2008:057

RHSA-2008:0972

32237

32344

32356

32485

32759

32799

32918

33201

33280

DSA-1653

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

MDVSA-2008:220

[oss-security] 20080924 CVE request: kernel: open() call allows setgid bit when user is not in new file's group

[oss-security] 20080924 Re: CVE request: kernel: open() call allows setgid bit when user is not in new file's group

RHSA-2008:0787

RHSA-2008:0957

RHSA-2008:0973

31368

Exploit

USN-679-1

https://bugzilla.redhat.com/show_bug.cgi?id=463661

linux-kernel-open-privilege-escalation(45539)

oval:org.mitre.oval:def:6386

oval:org.mitre.oval:def:9511

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.