CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
0.4%
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid
and setgid bits when there is a write to a file, which allows local users
to gain the privileges of a different group, and obtain sensitive
information or possibly have unspecified other impact, by creating an
executable file in a setgid directory through the (1) truncate or (2)
ftruncate function in conjunction with memory-mapped I/O.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | linux-source-2.6.15 | <Â 2.6.15-53.74 | UNKNOWN |