Lucene search

K
nvd[email protected]NVD:CVE-2008-4210
HistorySep 29, 2008 - 5:17 p.m.

CVE-2008-4210

2008-09-2917:17:29
CWE-264
web.nvd.nist.gov
11
cve-2008-4210
setuid setgid privilege escalation
file write vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0

Percentile

0.4%

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

Affected configurations

Nvd
Node
linuxlinux_kernelRange≤2.6.21.7
OR
linuxlinux_kernelMatch2.2.27
OR
linuxlinux_kernelMatch2.4.36
OR
linuxlinux_kernelMatch2.4.36.1
OR
linuxlinux_kernelMatch2.4.36.2
OR
linuxlinux_kernelMatch2.4.36.3
OR
linuxlinux_kernelMatch2.4.36.4
OR
linuxlinux_kernelMatch2.4.36.5
OR
linuxlinux_kernelMatch2.4.36.6
OR
linuxlinux_kernelMatch2.6
OR
linuxlinux_kernelMatch2.6.18
OR
linuxlinux_kernelMatch2.6.18rc1
OR
linuxlinux_kernelMatch2.6.18rc2
OR
linuxlinux_kernelMatch2.6.18rc3
OR
linuxlinux_kernelMatch2.6.18rc4
OR
linuxlinux_kernelMatch2.6.18rc5
OR
linuxlinux_kernelMatch2.6.18rc6
OR
linuxlinux_kernelMatch2.6.18rc7
OR
linuxlinux_kernelMatch2.6.19.4
OR
linuxlinux_kernelMatch2.6.19.5
OR
linuxlinux_kernelMatch2.6.19.6
OR
linuxlinux_kernelMatch2.6.19.7
OR
linuxlinux_kernelMatch2.6.20.16
OR
linuxlinux_kernelMatch2.6.20.17
OR
linuxlinux_kernelMatch2.6.20.18
OR
linuxlinux_kernelMatch2.6.20.19
OR
linuxlinux_kernelMatch2.6.20.20
OR
linuxlinux_kernelMatch2.6.20.21
OR
linuxlinux_kernelMatch2.6.21.5
OR
linuxlinux_kernelMatch2.6.21.6
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel2.2.27cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.1cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.2cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.3cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.4cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.5cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.6cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*
linuxlinux_kernel2.6cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*
Rows per page:
1-10 of 301

References

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0

Percentile

0.4%