CVE-2008-4554
5.8 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.3%
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
References
git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=efc968d450e013049a662d22727cf132618dcb2f
lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
secunia.com/advisories/32386
secunia.com/advisories/32918
secunia.com/advisories/32998
secunia.com/advisories/33180
secunia.com/advisories/33182
secunia.com/advisories/33586
secunia.com/advisories/35390
www.debian.org/security/2008/dsa-1681
www.debian.org/security/2008/dsa-1687
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27
www.mandriva.com/security/advisories?name=MDVSA-2008:224
www.openwall.com/lists/oss-security/2008/10/13/1
www.openwall.com/lists/oss-security/2008/10/14/5
www.redhat.com/support/errata/RHSA-2008-1017.html
www.redhat.com/support/errata/RHSA-2009-0009.html
www.securityfocus.com/bid/31903
www.ubuntu.com/usn/usn-679-1
bugzilla.redhat.com/show_bug.cgi?id=466707
exchange.xforce.ibmcloud.com/vulnerabilities/45954
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11142
www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html
www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html
Social References
More
Related
5.8 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
9.3%