Lucene search

K

PRIOn knowledge basePRION:CVE-2008-4210

HistorySep 29, 2008 - 5:17 p.m.

Design/Logic Flaw

2008-09-2917:17:00

PRIOn knowledge base

www.prio-n.com

2

6.6 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

CPENameOperatorVersion
linux_kerneleq2.6.18 rc3
linux_kerneleq2.6.18 rc2
linux_kerneleq2.4.36.6
linux_kerneleq2.6.18 rc5
linux_kerneleq2.6.18 rc4
linux_kerneleq2.6.21.6
linux_kerneleq2.4.36.2
linux_kerneleq2.6.20.16
linux_kerneleq2.6.19.4
linux_kerneleq2.6.20.21

Rows per page:

1-10 of 301

References

bugzilla.kernel.org/show_bug.cgi?id=8420

git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532

kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html

lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html

rhn.redhat.com/errata/RHSA-2008-0972.html

secunia.com/advisories/32237

secunia.com/advisories/32344

secunia.com/advisories/32356

secunia.com/advisories/32485

secunia.com/advisories/32759

secunia.com/advisories/32799

secunia.com/advisories/32918

secunia.com/advisories/33201

secunia.com/advisories/33280

www.debian.org/security/2008/dsa-1653

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

www.mandriva.com/security/advisories?name=MDVSA-2008:220

www.openwall.com/lists/oss-security/2008/09/24/5

www.openwall.com/lists/oss-security/2008/09/24/8

www.redhat.com/support/errata/RHSA-2008-0787.html

www.redhat.com/support/errata/RHSA-2008-0957.html

www.redhat.com/support/errata/RHSA-2008-0973.html

www.securityfocus.com/bid/31368

www.ubuntu.com/usn/usn-679-1

bugzilla.redhat.com/show_bug.cgi?id=463661

exchange.xforce.ibmcloud.com/vulnerabilities/45539

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511

6.6 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

Related for PRION:CVE-2008-4210

veracode1 seebug1 ubuntucve2 cve2 prion1 suse3 openvas33 nessus22 redhat5 oraclelinux4 centos4 securityvulns3 debian1 osv1 ubuntu1 vmware2