Lucene search

K
cve
Secalert@redhat.comCVE-2008-3833
HistoryOct 03, 2008 - 5:41 p.m.

CVE-2008-3833

2008-10-0317:41:00
CWE-264
secalert@redhat.com
web.nvd.nist.gov
40
3
linux kernel
privilege escalation
fs/splice.c
cve-2008-3833
nvd

5.8 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

8.1%

The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.

Social References

More

How to protect your server from attacks?

5.8 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

8.1%

Related for CVE-2008-3833