fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
Software | From | Fixed in |
---|---|---|
linux / linux_kernel | - | 2.6.21.7.x |
linux / linux_kernel | 2.2.27 | 2.2.27.x |
linux / linux_kernel | 2.4.36 | 2.4.36.x |
linux / linux_kernel | 2.4.36.1 | 2.4.36.1.x |
linux / linux_kernel | 2.4.36.2 | 2.4.36.2.x |
linux / linux_kernel | 2.4.36.3 | 2.4.36.3.x |
linux / linux_kernel | 2.4.36.4 | 2.4.36.4.x |
linux / linux_kernel | 2.4.36.5 | 2.4.36.5.x |
linux / linux_kernel | 2.4.36.6 | 2.4.36.6.x |
linux / linux_kernel | 2.6 | 2.6.x |
linux / linux_kernel | 2.6.18 | 2.6.18.x |
linux / linux_kernel | 2.6.18-rc1 | 2.6.18-rc1.x |
linux / linux_kernel | 2.6.18-rc2 | 2.6.18-rc2.x |
linux / linux_kernel | 2.6.18-rc3 | 2.6.18-rc3.x |
linux / linux_kernel | 2.6.18-rc4 | 2.6.18-rc4.x |
linux / linux_kernel | 2.6.18-rc5 | 2.6.18-rc5.x |
linux / linux_kernel | 2.6.18-rc6 | 2.6.18-rc6.x |
linux / linux_kernel | 2.6.18-rc7 | 2.6.18-rc7.x |
linux / linux_kernel | 2.6.19.4 | 2.6.19.4.x |
linux / linux_kernel | 2.6.19.5 | 2.6.19.5.x |
linux / linux_kernel | 2.6.19.6 | 2.6.19.6.x |
linux / linux_kernel | 2.6.19.7 | 2.6.19.7.x |
linux / linux_kernel | 2.6.20.16 | 2.6.20.16.x |
linux / linux_kernel | 2.6.20.17 | 2.6.20.17.x |
linux / linux_kernel | 2.6.20.18 | 2.6.20.18.x |
linux / linux_kernel | 2.6.20.19 | 2.6.20.19.x |
linux / linux_kernel | 2.6.20.20 | 2.6.20.20.x |
linux / linux_kernel | 2.6.20.21 | 2.6.20.21.x |
linux / linux_kernel | 2.6.21.5 | 2.6.21.5.x |
linux / linux_kernel | 2.6.21.6 | 2.6.21.6.x |