Published: 03/10/2008 Updated: 13/02/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

The generic_file_splice_write function in fs/splice.c in the Linux kernel prior to 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.18
linux linux kernel 2.6.22.15
linux linux kernel 2.6.23.13
linux linux kernel 2.4.36.6
linux linux kernel 2.6.22.21
linux linux kernel 2.6.23.8
linux linux kernel 2.6.22.12
linux linux kernel
linux linux kernel 2.6.21.6
linux linux kernel 2.4.36.2
linux linux kernel 2.6.22.1
linux linux kernel 2.6.23.16
linux linux kernel 2.6.22
linux linux kernel 2.6.26.3
linux linux kernel 2.6.20.16
linux linux kernel 2.6.19.4
linux linux kernel 2.6.20.21
linux linux kernel 2.4.36.1
linux linux kernel 2.6.24
linux linux kernel 2.6.26.2
linux linux kernel 2.6.20.17
linux linux kernel 2.6.21.5
linux linux kernel 2.6.23.15
linux linux kernel 2.6.23.10
linux linux kernel 2.4.36.4
linux linux kernel 2.6.26.1
linux linux kernel 2.6.20.20
linux linux kernel 2.6.22.18
linux linux kernel 2.4.36.3
linux linux kernel 2.6.22.20
linux linux kernel 2.6.20.18
linux linux kernel 2.6.23.9
linux linux kernel 2.6.22.9
linux linux kernel 2.6.22.13
linux linux kernel 2.6.19.7
linux linux kernel 2.6.20.19
linux linux kernel 2.6.22.17
linux linux kernel 2.6.22.11
linux linux kernel 2.6.23
linux linux kernel 2.6.22.10
linux linux kernel 2.6.23.17
linux linux kernel 2.6.21.7
linux linux kernel 2.6.22.22
linux linux kernel 2.6.22_rc7
linux linux kernel 2.4.36
linux linux kernel 2.6.23.12
linux linux kernel 2.6.19.6
linux linux kernel 2.6.22.8
linux linux kernel 2.6.19.5
linux linux kernel 2.4.36.5
linux linux kernel 2.6.22.2
linux linux kernel 2.2.27
linux linux kernel 2.6.22.19
linux linux kernel 2.6.22_rc1
linux linux kernel 2.6.25
linux linux kernel 2.6.23.11
linux linux kernel 2.6.22.14
linux linux kernel 2.6

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that resolve several security issues and fixvarious bugs are now available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedH ...

CWE-264 https://bugzilla.redhat.com/show_bug.cgi?id=464450 http://openwall.com/lists/oss-security/2008/10/03/1 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.19/ChangeLog-2.6.19-rc3 http://www.securityfocus.com/bid/31567 http://www.redhat.com/support/errata/RHSA-2008-0957.html http://secunia.com/advisories/32485 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://secunia.com/advisories/32759 http://www.debian.org/security/2008/dsa-1653 http://secunia.com/advisories/32237 https://exchange.xforce.ibmcloud.com/vulnerabilities/45922 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9980 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.19.y.git%3Ba=commit%3Bh=8c34e2d63231d4bf4852bac8521883944d770fe3 https://access.redhat.com/errata/RHSA-2008:0957 https://nvd.nist.gov

CVE-2008-3833

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect