CVE-2008-4210
Published 2008-09-29
Priority: P4 (23) · Severity: medium · CVSS 2.0 score: 4.6 · Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploit: EPSS 2.14% (79.7th percentile)
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
Affected
59 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.26.4 | — |
| linux | linux_kernel | <= 2.6.21.7 | — |
| linux | linux_kernel | — | — |
The remaining 22 displayed rows are identical linux / linux_kernel entries with no version range or fix version recorded.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 4.9 | MEDIUM | — |
| vendor_ubuntu | — | 4.9 | MEDIUM | — |
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2008-11-27·CVSS 4.9
CVE-2007-5498 [MEDIUM] Linux kernel vulnerabilities
It was discovered that the Xen hypervisor block driver did not correctly
validate requests. A user with root privileges in a guest OS could make a
malicious IO request with a large number of blocks that would crash the
host OS, leading to a denial of service. This only affected Ubuntu 7.10.
(CVE-2007-5498)
It was discovered that the i915 video driver did not correctly validate
memory addresses. A local attacker could exploit this to remap memory that
could cause a system crash, leading to a denial of service. This issue did
not affect Ubuntu 6.06 and was previously fixed for Ubuntu 7.10 and 8.04 in
USN-659-1. Ubuntu 8.10 has now been corrected as well. (CVE-2008-3831)
David Watson discovered that the kernel did not
Red Hat
kernel: open() call allows setgid bit when user is not in new file's group
vendor_redhat·2007-05-02·CVSS 4.6
CVE-2008-4210 [MEDIUM] kernel: open() call allows setgid bit when user is not in new file's group
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
Red Hat
kernel: remove SUID when splicing into an inode
vendor_redhat·2006-10-17·CVSS 4.9
CVE-2008-3833 [MEDIUM] kernel: remove SUID when splicing into an inode
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
GHSA
GHSA-4hj9-rwwj-2hgv: fs/open
ghsa_unreviewed·2022-05-02
CVE-2008-4210 [MEDIUM] GHSA-4hj9-rwwj-2hgv: fs/open
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
GHSA
GHSA-qwxw-cr32-mppw: The generic_file_splice_write function in fs/splice
ghsa_unreviewed·2022-05-02·CVSS 4.6
CVE-2008-3833 [MEDIUM] GHSA-qwxw-cr32-mppw: The generic_file_splice_write function in fs/splice
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.
No detection rules found.
References
http://bugzilla.kernel.org/show_bug.cgi?id=8420
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://secunia.com/advisories/32237
http://secunia.com/advisories/32344
http://secunia.com/advisories/32356
http://secunia.com/advisories/32485
http://secunia.com/advisories/32759
http://secunia.com/advisories/32799
http://secunia.com/advisories/32918
http://secunia.com/advisories/33201
http://secunia.com/advisories/33280
http://www.debian.org/security/2008/dsa-1653
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
http://www.openwall.com/lists/oss-security/2008/09/24/5
http://www.openwall.com/lists/oss-security/2008/09/24/8
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://www.securityfocus.com/bid/31368
http://www.ubuntu.com/usn/usn-679-1
https://bugzilla.redhat.com/show_bug.cgi?id=463661
https://exchange.xforce.ibmcloud.com/vulnerabilities/45539
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511