CVE-2008-4210

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4210
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bugzilla.kernel.org/show_bug.cgi?id=8420
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://secunia.com/advisories/32237
http://secunia.com/advisories/32344
http://secunia.com/advisories/32356
http://secunia.com/advisories/32485
http://secunia.com/advisories/32759
http://secunia.com/advisories/32799
http://secunia.com/advisories/32918
http://secunia.com/advisories/33201
http://secunia.com/advisories/33280
http://www.debian.org/security/2008/dsa-1653
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
http://www.openwall.com/lists/oss-security/2008/09/24/5
http://www.openwall.com/lists/oss-security/2008/09/24/8
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://www.securityfocus.com/bid/31368 Exploit
http://www.ubuntu.com/usn/usn-679-1
https://bugzilla.redhat.com/show_bug.cgi?id=463661
https://exchange.xforce.ibmcloud.com/vulnerabilities/45539
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511
http://bugzilla.kernel.org/show_bug.cgi?id=8420
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://secunia.com/advisories/32237
http://secunia.com/advisories/32344
http://secunia.com/advisories/32356
http://secunia.com/advisories/32485
http://secunia.com/advisories/32759
http://secunia.com/advisories/32799
http://secunia.com/advisories/32918
http://secunia.com/advisories/33201
http://secunia.com/advisories/33280
http://www.debian.org/security/2008/dsa-1653
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
http://www.openwall.com/lists/oss-security/2008/09/24/5
http://www.openwall.com/lists/oss-security/2008/09/24/8
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://www.securityfocus.com/bid/31368 Exploit
http://www.ubuntu.com/usn/usn-679-1
https://bugzilla.redhat.com/show_bug.cgi?id=463661
https://exchange.xforce.ibmcloud.com/vulnerabilities/45539
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*
History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://bugzilla.kernel.org/show_bug.cgi?id=8420 - () http://bugzilla.kernel.org/show_bug.cgi?id=8420 -
References () http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532 - () http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532 -
References () http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 - () http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 -
References () http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html - () http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html -
References () http://rhn.redhat.com/errata/RHSA-2008-0972.html - () http://rhn.redhat.com/errata/RHSA-2008-0972.html -
References () http://secunia.com/advisories/32237 - () http://secunia.com/advisories/32237 -
References () http://secunia.com/advisories/32344 - () http://secunia.com/advisories/32344 -
References () http://secunia.com/advisories/32356 - () http://secunia.com/advisories/32356 -
References () http://secunia.com/advisories/32485 - () http://secunia.com/advisories/32485 -
References () http://secunia.com/advisories/32759 - () http://secunia.com/advisories/32759 -
References () http://secunia.com/advisories/32799 - () http://secunia.com/advisories/32799 -
References () http://secunia.com/advisories/32918 - () http://secunia.com/advisories/32918 -
References () http://secunia.com/advisories/33201 - () http://secunia.com/advisories/33201 -
References () http://secunia.com/advisories/33280 - () http://secunia.com/advisories/33280 -
References () http://www.debian.org/security/2008/dsa-1653 - () http://www.debian.org/security/2008/dsa-1653 -
References () http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 - () http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:220 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:220 -
References () http://www.openwall.com/lists/oss-security/2008/09/24/5 - () http://www.openwall.com/lists/oss-security/2008/09/24/5 -
References () http://www.openwall.com/lists/oss-security/2008/09/24/8 - () http://www.openwall.com/lists/oss-security/2008/09/24/8 -
References () http://www.redhat.com/support/errata/RHSA-2008-0787.html - () http://www.redhat.com/support/errata/RHSA-2008-0787.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0957.html - () http://www.redhat.com/support/errata/RHSA-2008-0957.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0973.html - () http://www.redhat.com/support/errata/RHSA-2008-0973.html -
References () http://www.securityfocus.com/bid/31368 - Exploit () http://www.securityfocus.com/bid/31368 - Exploit
References () http://www.ubuntu.com/usn/usn-679-1 - () http://www.ubuntu.com/usn/usn-679-1 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=463661 - () https://bugzilla.redhat.com/show_bug.cgi?id=463661 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/45539 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/45539 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511 -

07 Nov 2023, 02:02

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532', 'name': 'http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532 -
Information

Published : 2008-09-29 17:17

Updated : 2024-11-21 00:51

NVD link : CVE-2008-4210

Mitre link : CVE-2008-4210

CVE.ORG link : CVE-2008-4210

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-264

Permissions, Privileges, and Access Controls


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024