CVE-2008-2931 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2931
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2931

Description: The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43696 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-637-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html SAID Secunia Advisory: SA31614 Secunia Advisory: SA32023 Secunia Advisory: SA31551 Secunia Advisory: SA32759 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0885.html MLIST http://www.openwall.com/lists/oss-security/2008/07/08/4 http://www.openwall.com/lists/oss-security/2008/07/08/3 DEBIAN http://www.debian.org/security/2008/dsa-1630 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a BID 30126

Return to the previous page.