CVE Reference: CVE-2009-4131

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2009-4131

Description:
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-869-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

SAID
  Secunia Advisory: SA37658
  Secunia Advisory: SA37686
  Secunia Advisory: SA38017

MLIST
  http://lkml.org/lkml/2009/12/9/255

MISC
  http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

FEDORA

CONFIRM
  http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log
  http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git;a=commit;h=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6

BID
  37277


Return to the previous page.