Your submission was sent successfully! Close

CVE-2008-4210

Published: 29 September 2008

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

From the Ubuntu security team

David Watson discovered that the kernel did not correctly strip permissions when creating files in setgid directories. A local user could exploit this to gain additional group privileges. This issue only affected Ubuntu 6.06.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Does not exist

hardy Not vulnerable

intrepid Not vulnerable

upstream
Released (2.6.22)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-53.74)
feisty Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needed

Patches:
vendor: http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/open-allows-sgid-in-sgid-directory.patch
linux-source-2.6.20
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Needed
(reached end-of-life)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needed

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty Does not exist

gutsy Not vulnerable

hardy Does not exist

intrepid Does not exist

upstream Not vulnerable