diff options
Diffstat (limited to 'out.xml')
| -rw-r--r-- | out.xml | 15 |
1 files changed, 10 insertions, 5 deletions
@@ -1,10 +1,7 @@ <bug> <id>221123</id> <title> Linux Kernels 2.6.22->2.6.25.2 - utimensat() file time modification bypass vulnerability (CVE-2008-2148) </title> - <cve> - <id>CVE-2008-2148</id> - <desc> The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. </desc> - </cve> + <cve>CVE-2008-2148</cve> <url>http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=review-2.6.25/vfs-fix-permission-checking-in-sys_utimensat.patch;h=1da0b9bf9f078e3eb147a6799e5a74af2484014a;hb=cbe22288b271b4e4e51f5573281662f53466e41a</url> <arch>All</arch> <severity>normal</severity> @@ -14,4 +11,12 @@ <upper inclusive="false">2.6.25.2</upper> </interval> </affected> -</bug>
\ No newline at end of file +</bug> + + +<cve xml:id="CVE-2008-2148"> + <desc> The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. </desc> + <cvss>(AV:N/AC:L/Au:N/C:N/I:N/A:P)</cvss> +</cve> + +<!-- CVSS explained: http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2 --> |