Your submission was sent successfully! Close

CVE-2008-2148

Published: 12 May 2008

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.

From the Ubuntu security team

The sys_utimensat system call did not correctly check file permissions in certain situations. A local attacker could exploit this to modify the file times of arbitrary files which could lead to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.26~rc1)
Patches:
upstream: 02c6be615f1fcd37ac5ed93a3ad6692ad8991cd9
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.26~rc1)
linux-source-2.6.20
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.26~rc1)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.26~rc1)