Improper privilege management in Linux kernel - CVE-2008-0001
Published: January 15, 2008 / Updated: February 13, 2023
Vulnerability identifier: #VU93743
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2008-0001
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to manipulate or delete data.
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
How to mitigate CVE-2008-0001
Install update from vendor's website.
Sources
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14
- http://www.securityfocus.com/bid/27280
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16
- http://secunia.com/advisories/28485
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0021
- https://issues.rpath.com/browse/RPL-2146
- http://secunia.com/advisories/28558
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00828.html
- http://www.redhat.com/support/errata/RHSA-2008-0089.html
- http://secunia.com/advisories/28628
- http://secunia.com/advisories/28664
- http://www.debian.org/security/2008/dsa-1479
- http://rhn.redhat.com/errata/RHSA-2008-0055.html
- http://www.ubuntu.com/usn/usn-574-1
- http://secunia.com/advisories/28626
- http://secunia.com/advisories/28748
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
- http://secunia.com/advisories/28706
- http://securitytracker.com/id?1019289
- http://secunia.com/advisories/28806
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
- http://www.ubuntu.com/usn/usn-578-1
- http://secunia.com/advisories/28971
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
- http://secunia.com/advisories/28643
- http://secunia.com/advisories/29245
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
- http://www.vupen.com/english/advisories/2008/0151
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39672
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9709
- http://www.securityfocus.com/archive/1/486485/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=974a9f0b47da74e28f68b9c8645c3786aa5ace1a