CVE-2008-4554 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4554
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4554

Description: The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-679-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html SAID Secunia Advisory: SA32386 Secunia Advisory: SA32918 Secunia Advisory: SA33182 Secunia Advisory: SA33180 Secunia Advisory: SA32998 Secunia Advisory: SA33586 Secunia Advisory: SA35390 REDHAT http://www.redhat.com/support/errata/RHSA-2009-0009.html http://www.redhat.com/support/errata/RHSA-2008-1017.html MLIST http://www.openwall.com/lists/oss-security/2008/10/14/5 http://www.openwall.com/lists/oss-security/2008/10/13/1 MISC MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:224 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1687 http://www.debian.org/security/2008/dsa-1681 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f BID 31903

Return to the previous page.