Bug 463661 (CVE-2008-4210)

Summary: CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group

| Field | Value |
|---|---|
| Product | [Other] Security Response |
| Reporter | Eugene Teo (Security Response) <eteo> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| QA Contact | |
| Severity | high |
| Docs Contact | |
| Priority | high |
| Version | unspecified |
| CC | buckh, dhoward, esandeen, jpirko, lwang, peterm, pstyles, qcai, vgoyal |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | |
| Doc Type | Bug Fix |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2010-12-21 17:41:49 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 463682, 463683, 463684, 463685, 463686, 463687, 463865, 463867 |
| Bug Blocks | |
| Attachments | |
Description

Eugene Teo (Security Response), 2008-09-24 05:40:37 UTC

Created attachment 317560 [details]
Reproducer (public)

Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532

Additional references: http://article.gmane.org/gmane.comp.security.oss.general/974

(In reply to comment #7)
> Proposed upstream patch:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b82dc0e64e93f430182f36b46b79fcee87d3532

This should include commit 01de85e057328ecbef36e108673b1e81059d54c1 as well.

(In reply to comment #18)
> http://marc.info/?l=linux-kernel&m=101812479210977&w=2

More references:
http://marc.info/?l=linux-kernel&m=101811359004161&w=2
http://marc.info/?l=linux-kernel&m=101811887207549&w=2

Is there an RHSA coming for this for RH 4, a la http://www.redhat.com/support/errata/RHSA-2008-0957.html?

This was addressed via:
Red Hat Linux Advanced Workstation 2.1 (RHSA-2008:0787)
Red Hat Enterprise Linux version 5 (RHSA-2008:0957)
Red Hat Enterprise Linux version 4 (RHSA-2008:0972)
Red Hat Enterprise Linux version 3 (RHSA-2008:0973)
Red Hat Enterprise Linux version 2.1 (RHSA-2009:0001)