CVE-2008-4554

General

Score: 4.6/10.0
Severity: Low
Category: Access Control Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Local
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2008-3527, CVE-2008-3528, CVE-2008-3831, CVE-2008-4576, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5079, CVE-2008-5300

Published on 15/10/08 - Updated on 29/09/17

Description

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability Database CVE-2008-4554
CentOS CESA-2008:1017
Redhat RHSA-2008:1017
Renater 2008/VULN493, 2008/VULN592

Exploits

SecurityFocus BID-31903

Related technologies

Vendor: linux
Product: linux_kernel
