CVE-2008-4210

Description

fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.

Software From Fixed in
linux / linux_kernel - 2.6.21.7.x
linux / linux_kernel 2.2.27 2.2.27.x
linux / linux_kernel 2.4.36 2.4.36.x
linux / linux_kernel 2.4.36.1 2.4.36.1.x
linux / linux_kernel 2.4.36.2 2.4.36.2.x
linux / linux_kernel 2.4.36.3 2.4.36.3.x
linux / linux_kernel 2.4.36.4 2.4.36.4.x
linux / linux_kernel 2.4.36.5 2.4.36.5.x
linux / linux_kernel 2.4.36.6 2.4.36.6.x
linux / linux_kernel 2.6 2.6.x
linux / linux_kernel 2.6.18 2.6.18.x
linux / linux_kernel 2.6.18-rc1 2.6.18-rc1.x
linux / linux_kernel 2.6.18-rc2 2.6.18-rc2.x
linux / linux_kernel 2.6.18-rc3 2.6.18-rc3.x
linux / linux_kernel 2.6.18-rc4 2.6.18-rc4.x
linux / linux_kernel 2.6.18-rc5 2.6.18-rc5.x
linux / linux_kernel 2.6.18-rc6 2.6.18-rc6.x
linux / linux_kernel 2.6.18-rc7 2.6.18-rc7.x
linux / linux_kernel 2.6.19.4 2.6.19.4.x
linux / linux_kernel 2.6.19.5 2.6.19.5.x
linux / linux_kernel 2.6.19.6 2.6.19.6.x
linux / linux_kernel 2.6.19.7 2.6.19.7.x
linux / linux_kernel 2.6.20.16 2.6.20.16.x
linux / linux_kernel 2.6.20.17 2.6.20.17.x
linux / linux_kernel 2.6.20.18 2.6.20.18.x
linux / linux_kernel 2.6.20.19 2.6.20.19.x
linux / linux_kernel 2.6.20.20 2.6.20.20.x
linux / linux_kernel 2.6.20.21 2.6.20.21.x
linux / linux_kernel 2.6.21.5 2.6.21.5.x
linux / linux_kernel 2.6.21.6 2.6.21.6.x