Main Vulnerability Database SB2008011502

SB2008011502 - Improper privilege management in Linux kernel

Published: January 15, 2008

Security Bulletin ID SB2008011502

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper privilege management (CVE-ID: CVE-2008-0001)

The vulnerability allows a local user to manipulate or delete data.

VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.

Remediation

Install update from vendor's website.

References

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14
http://www.securityfocus.com/bid/27280
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16
http://secunia.com/advisories/28485
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0021
https://issues.rpath.com/browse/RPL-2146
http://secunia.com/advisories/28558
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00828.html
http://www.redhat.com/support/errata/RHSA-2008-0089.html
http://secunia.com/advisories/28628
http://secunia.com/advisories/28664
http://www.debian.org/security/2008/dsa-1479
http://rhn.redhat.com/errata/RHSA-2008-0055.html
http://www.ubuntu.com/usn/usn-574-1
http://secunia.com/advisories/28626
http://secunia.com/advisories/28748
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://secunia.com/advisories/28706
http://securitytracker.com/id?1019289
http://secunia.com/advisories/28806
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
http://www.ubuntu.com/usn/usn-578-1
http://secunia.com/advisories/28971
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
http://secunia.com/advisories/28643
http://secunia.com/advisories/29245
http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
http://www.vupen.com/english/advisories/2008/0151
https://exchange.xforce.ibmcloud.com/vulnerabilities/39672
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9709
http://www.securityfocus.com/archive/1/486485/100/0/threaded
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=974a9f0b47da74e28f68b9c8645c3786aa5ace1a