Your submission was sent successfully! Close

CVE-2008-2148

Published: 12 May 2008

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.

From the Ubuntu security team

The sys_utimensat system call did not correctly check file permissions in certain situations. A local attacker could exploit this to modify the file times of arbitrary files which could lead to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy
Released (2.6.24-19.36)
upstream
Released (2.6.26~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

feisty Does not exist

gutsy Does not exist

hardy Does not exist

upstream
Released (2.6.26~rc1)
linux-source-2.6.20
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Not vulnerable

gutsy Does not exist

hardy Does not exist

upstream
Released (2.6.26~rc1)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy
Released (2.6.22-15.56)
hardy Does not exist

upstream
Released (2.6.26~rc1)