Back to search
CVE-2008-1940
Published: Apr 24, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and 2.1.11-2.4.36.2 does not enforce user_transition_deny and user_transition_allow rules for the (1) sys_setfsuid and (2) sys_setfsgid calls, which allows local users to bypass restrictions for those calls.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
grsecurity-rbac-security-bypass(41952)
vdb-entry
x_refsource_XF
http://www.grsecurity.org/news.php#grsec21113
x_refsource_CONFIRM
29899
third-party-advisory
x_refsource_SECUNIA
1019919
vdb-entry
x_refsource_SECTRACK
ADV-2008-1323
vdb-entry
x_refsource_VUPEN
28889
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now