Lucene search

K
cveRedhatCVE-2008-3833
HistoryOct 03, 2008 - 5:41 p.m.

CVE-2008-3833

2008-10-0317:41:40
CWE-264
redhat
web.nvd.nist.gov
62
3
linux kernel
privilege escalation
fs/splice.c
cve-2008-3833
nvd

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6

Confidence

High

EPSS

0

Percentile

10.1%

The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.

Affected configurations

Nvd
Node
linuxlinux_kernelRange≤2.6.26.4
OR
linuxlinux_kernelMatch2.2.27
OR
linuxlinux_kernelMatch2.4.36
OR
linuxlinux_kernelMatch2.4.36.1
OR
linuxlinux_kernelMatch2.4.36.2
OR
linuxlinux_kernelMatch2.4.36.3
OR
linuxlinux_kernelMatch2.4.36.4
OR
linuxlinux_kernelMatch2.4.36.5
OR
linuxlinux_kernelMatch2.4.36.6
OR
linuxlinux_kernelMatch2.6
OR
linuxlinux_kernelMatch2.6.18
OR
linuxlinux_kernelMatch2.6.18rc1
OR
linuxlinux_kernelMatch2.6.18rc2
OR
linuxlinux_kernelMatch2.6.18rc3
OR
linuxlinux_kernelMatch2.6.18rc4
OR
linuxlinux_kernelMatch2.6.18rc5
OR
linuxlinux_kernelMatch2.6.18rc6
OR
linuxlinux_kernelMatch2.6.18rc7
OR
linuxlinux_kernelMatch2.6.19.4
OR
linuxlinux_kernelMatch2.6.19.5
OR
linuxlinux_kernelMatch2.6.19.6
OR
linuxlinux_kernelMatch2.6.19.7
OR
linuxlinux_kernelMatch2.6.20.16
OR
linuxlinux_kernelMatch2.6.20.17
OR
linuxlinux_kernelMatch2.6.20.18
OR
linuxlinux_kernelMatch2.6.20.19
OR
linuxlinux_kernelMatch2.6.20.20
OR
linuxlinux_kernelMatch2.6.20.21
OR
linuxlinux_kernelMatch2.6.21.5
OR
linuxlinux_kernelMatch2.6.21.6
OR
linuxlinux_kernelMatch2.6.21.7
OR
linuxlinux_kernelMatch2.6.22
OR
linuxlinux_kernelMatch2.6.22.1
OR
linuxlinux_kernelMatch2.6.22.2
OR
linuxlinux_kernelMatch2.6.22.8
OR
linuxlinux_kernelMatch2.6.22.9
OR
linuxlinux_kernelMatch2.6.22.10
OR
linuxlinux_kernelMatch2.6.22.11
OR
linuxlinux_kernelMatch2.6.22.12
OR
linuxlinux_kernelMatch2.6.22.13
OR
linuxlinux_kernelMatch2.6.22.14
OR
linuxlinux_kernelMatch2.6.22.15
OR
linuxlinux_kernelMatch2.6.22.17
OR
linuxlinux_kernelMatch2.6.22.18
OR
linuxlinux_kernelMatch2.6.22.19
OR
linuxlinux_kernelMatch2.6.22.20
OR
linuxlinux_kernelMatch2.6.22.21
OR
linuxlinux_kernelMatch2.6.22.22
OR
linuxlinux_kernelMatch2.6.22_rc1
OR
linuxlinux_kernelMatch2.6.22_rc7
OR
linuxlinux_kernelMatch2.6.23
OR
linuxlinux_kernelMatch2.6.23.8
OR
linuxlinux_kernelMatch2.6.23.9
OR
linuxlinux_kernelMatch2.6.23.10
OR
linuxlinux_kernelMatch2.6.23.11
OR
linuxlinux_kernelMatch2.6.23.12
OR
linuxlinux_kernelMatch2.6.23.13
OR
linuxlinux_kernelMatch2.6.23.15
OR
linuxlinux_kernelMatch2.6.23.16
OR
linuxlinux_kernelMatch2.6.23.17
OR
linuxlinux_kernelMatch2.6.24
OR
linuxlinux_kernelMatch2.6.25
OR
linuxlinux_kernelMatch2.6.26.1
OR
linuxlinux_kernelMatch2.6.26.2
OR
linuxlinux_kernelMatch2.6.26.3
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel2.2.27cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.1cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.2cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.3cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.4cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.5cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.6cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*
linuxlinux_kernel2.6cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*
Rows per page:
1-10 of 651

Social References

More

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6

Confidence

High

EPSS

0

Percentile

10.1%