CVE-2008-4210

Publication date 29 September 2008

Last updated 24 July 2024

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

From the Ubuntu Security Team

David Watson discovered that the kernel did not correctly strip permissions when creating files in setgid directories. A local user could exploit this to gain additional group privileges. This issue only affected Ubuntu 6.06.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Fixed 2.6.15-53.74
linux-source-2.6.20	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not affected
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux-source-2.6.15	Vendor: http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/open-allows-sgid-in-sgid-directory.patch

CVE-2008-4210

From the Ubuntu Security Team

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references