CVE-2008-1940

2008-04-25T06:05:00
ID CVE-2008-1940
Type cve
Reporter cve@mitre.org
Modified 2017-08-08T01:30:00

Description

The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.