CVE-2007-4849

Publication date 12 September 2007

Last updated 24 July 2024


Ubuntu priority

JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.


Status

Package | Ubuntu Release | Status
linux-source-2.6.15 | 6.06 LTS dapper | Not affected
linux-source-2.6.17 | 6.10 edgy | Fixed 2.6.17.1-12.42
linux-source-2.6.20 | 7.04 feisty | Fixed 2.6.20-16.33
linux-source-2.6.22 | 7.10 gutsy | Fixed 2.6.22-14.47

Notes


jdstrand: fix in DSA 1378-1 and 1378-2

References

Related Ubuntu Security Notices (USN)

    • USN-574-1: Linux kernel vulnerabilities (4 February 2008)
    • USN-558-1: Linux kernel vulnerabilities (19 December 2007)

Other references