CVE-2008-4210

Published: 29/09/2008 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

fs/open.c in the Linux kernel prior to 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

Vulnerable Product

linux linux kernel 2.6.18

linux linux kernel 2.4.36.6

linux linux kernel 2.6.21.6

linux linux kernel 2.4.36.2

linux linux kernel 2.6.20.16

linux linux kernel 2.6.19.4

linux linux kernel 2.6.20.21

linux linux kernel 2.4.36.1

linux linux kernel 2.6.20.17

linux linux kernel 2.6.21.5

linux linux kernel 2.4.36.4

linux linux kernel 2.6.20.20

linux linux kernel 2.4.36.3

linux linux kernel 2.6.20.18

linux linux kernel 2.6.19.7

linux linux kernel 2.6.20.19

linux linux kernel 2.4.36

linux linux kernel 2.6.19.6

linux linux kernel 2.6.19.5

linux linux kernel 2.4.36.5

linux linux kernel 2.2.27

linux linux kernel

linux linux kernel 2.6

Vendor Advisories

It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10. (CVE-2007-5498) ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the RedH ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 running on 64-bit architectures. This update has been rated as having important security impact by the Red ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the RedH ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the RedH ...
Synopsis: Important: kernel security update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 running on 32-bit architectures. This update has been rated as having important security impact by the Red ...

Exploits

/* gw-ftrexc: Linux kernel < 2.6.22 open/ftruncate local exploit by <gat3way at gat3way dot eu> bug information: osvdb.org/49081 !!!This is for educational purposes only!!! To use it, you've got to find a sgid directory you've got permissions to write into (obviously world-writable), e.g.: find / -perm -2000 -type d 2>/dev/n ...

References

CWE-264
https://bugzilla.redhat.com/show_bug.cgi?id=463661
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://www.securityfocus.com/bid/31368
http://www.openwall.com/lists/oss-security/2008/09/24/8
http://bugzilla.kernel.org/show_bug.cgi?id=8420
http://www.openwall.com/lists/oss-security/2008/09/24/5
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://secunia.com/advisories/32485
http://www.redhat.com/support/errata/RHSA-2008-0957.html
http://www.ubuntu.com/usn/usn-679-1
http://secunia.com/advisories/32799
http://secunia.com/advisories/32918
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/32759
http://rhn.redhat.com/errata/RHSA-2008-0972.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html
http://www.redhat.com/support/errata/RHSA-2008-0973.html
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00000.html
http://secunia.com/advisories/33201
http://secunia.com/advisories/33280
http://www.redhat.com/support/errata/RHSA-2008-0787.html
http://www.debian.org/security/2008/dsa-1653
http://secunia.com/advisories/32237
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220
http://secunia.com/advisories/32356
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html
http://secunia.com/advisories/32344
https://exchange.xforce.ibmcloud.com/vulnerabilities/45539
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9511
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6386
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=7b82dc0e64e93f430182f36b46b79fcee87d3532
https://usn.ubuntu.com/679-1/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/6851/