CVE-2008-3833

Published: 03 October 2008

The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.

Priority

Low

Status

Package                                          Release    Status
linux (Launchpad, Ubuntu, Debian)                Upstream   Not vulnerable
linux-source-2.6.15 (Launchpad, Ubuntu, Debian)  Upstream   Not vulnerable
linux-source-2.6.20 (Launchpad, Ubuntu, Debian)  Upstream   Not vulnerable
linux-source-2.6.22 (Launchpad, Ubuntu, Debian)  Upstream   Not vulnerable