QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-4210

Back to search

CVE-2008-4210

Published: Sep 29, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

VendorProductVersions

n/a

n/a

affected
n/a

References

32485
third-party-advisory
x_refsource_SECUNIA
31368
vdb-entry
x_refsource_BID
32237
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0957
vendor-advisory
x_refsource_REDHAT
RHSA-2008:0972
vendor-advisory
x_refsource_REDHAT
SUSE-SA:2008:056
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:6386
vdb-entry
signature
x_refsource_OVAL
33280
third-party-advisory
x_refsource_SECUNIA
DSA-1653
vendor-advisory
x_refsource_DEBIAN
32356
third-party-advisory
x_refsource_SECUNIA
32918
third-party-advisory
x_refsource_SECUNIA
USN-679-1
vendor-advisory
x_refsource_UBUNTU
oval:org.mitre.oval:def:9511
vdb-entry
signature
x_refsource_OVAL
32759
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:220
vendor-advisory
x_refsource_MANDRIVA
32344
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0973
vendor-advisory
x_refsource_REDHAT
RHSA-2008:0787
vendor-advisory
x_refsource_REDHAT
SUSE-SA:2008:051
vendor-advisory
x_refsource_SUSE
32799
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2008:057
vendor-advisory
x_refsource_SUSE
SUSE-SR:2008:025
vendor-advisory
x_refsource_SUSE
33201
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now