CVE-2008-4210

Publication date 29 September 2008

Last updated 24 July 2024


Ubuntu priority

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

From the Ubuntu Security Team

David Watson discovered that the kernel did not correctly strip permissions when creating files in setgid directories. A local user could exploit this to gain additional group privileges. This issue only affected Ubuntu 6.06.

Status

Package              Ubuntu Release    Status
linux                8.10 intrepid     Not affected
                     8.04 LTS hardy    Not affected
                     7.10 gutsy        Not in release
                     7.04 feisty       Not in release
                     6.06 LTS dapper   Not in release
linux-source-2.6.15  8.10 intrepid     Not in release
                     8.04 LTS hardy    Not in release
                     7.10 gutsy        Not in release
                     7.04 feisty       Not in release
                     6.06 LTS dapper   Fixed 2.6.15-53.74
linux-source-2.6.20  8.10 intrepid     Not in release
                     8.04 LTS hardy    Not in release
                     7.10 gutsy        Not in release
                     7.04 feisty       Ignored end of life, was needed
                     6.06 LTS dapper   Not in release
linux-source-2.6.22  8.10 intrepid     Not in release
                     8.04 LTS hardy    Not in release
                     7.10 gutsy        Not affected
                     7.04 feisty       Not in release
                     6.06 LTS dapper   Not in release

Patch details

For informational purposes only. We recommend against cherry-picking updates. How can I get the fixes?

Package Patch details
linux-source-2.6.15

References

Related Ubuntu Security Notices (USN)

    • USN-679-1: Linux kernel vulnerabilities (27 November 2008)

Other references