Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/out.xml
blob: 3e9c0b4845a3e1ffd1de0776d1ee31c7bc59a928 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

<bug>
    <id>221123</id>
    <title> Linux Kernels 2.6.22-&gt;2.6.25.2 - utimensat() file time modification bypass vulnerability (CVE-2008-2148) </title>
    <cve>CVE-2008-2148</cve>
    <url>http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=review-2.6.25/vfs-fix-permission-checking-in-sys_utimensat.patch;h=1da0b9bf9f078e3eb147a6799e5a74af2484014a;hb=cbe22288b271b4e4e51f5573281662f53466e41a</url>
    <arch>All</arch>
    <severity>normal</severity>
    <affected>
        <interval source="linux">
            <lower inclusive="true">2.6.22</lower>
            <upper inclusive="false">2.6.25.2</upper>
        </interval>
    </affected>
</bug>


<cve xml:id="CVE-2008-2148">
        <desc> The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service. </desc>
        <cvss>(AV:N/AC:L/Au:N/C:N/I:N/A:P)</cvss>
</cve>

<!-- CVSS explained: http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2 -->