CVE-2008-3833
Published: 3 October 2008
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Not vulnerable
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
|
|
hardy |
Does not exist
|
|
upstream |
Not vulnerable
|