[CVE-2008-2931] Local privilege escalation in Linux (do_change_type() in fs/namespace.c)

Bug #253787 reported by Till Ulen
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux (Ubuntu) | Invalid | Undecided | Unassigned | |
| ↳ Dapper | Invalid | Undecided | Unassigned | |
| ↳ Feisty | Invalid | Undecided | Unassigned | |
| linux-source-2.6.15 (Ubuntu) | Fix Released | Undecided | Unassigned | |
| ↳ Dapper | Fix Released | Undecided | Unassigned | |
| ↳ Feisty | Invalid | Undecided | Unassigned | |
| linux-source-2.6.20 (Ubuntu) | Fix Released | Undecided | Unassigned | |
| ↳ Dapper | Invalid | Undecided | Unassigned | |
| ↳ Feisty | Fix Released | Undecided | Unassigned | |

Bug Description

Binary package hint: linux-source-2.6.20

CVE-2008-2931 description:

"The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2931

Dapper and Feisty might be affected.

Till Ulen (tillulen) wrote :

Changed affected package from linux-source-2.6.20 to linux as per <https://wiki.ubuntu.com/Bugs/FindRightPackage#Kernel related bugs>.

Changed in linux-source-2.6.20:
status: New → Invalid
Leann Ogasawara (leannogasawara) wrote :

Thanks Alexander,

The security team has backported patches for this. They are currently pending and awaiting arrival into the archive. Also, you had correctly opened this against the 2.6.20 kernel source. It's only for bugs against 2.6.24 or later that they will target the "linux" package. Thanks.

Changed in linux:
status: New → Invalid
Changed in linux-source-2.6.20:
status: Invalid → New
Changed in linux-source-2.6.15:
status: New → Invalid
Changed in linux-source-2.6.20:
status: New → Invalid
Changed in linux:
status: New → Invalid
status: New → Invalid
Till Ulen (tillulen) wrote :

On Mon, Aug 11, 2008 at 21:38, Leann Ogasawara <leann at ubuntu> wrote:
>
> [...] Also, you had correctly
> opened this against the 2.6.20 kernel source. It's only for bugs
> against 2.6.24 or later that they will target the "linux" package.

If so, please update the wiki page at
<https://wiki.ubuntu.com/Bugs/FindRightPackage#Kernel related bugs>.
It currently suggests that the bugs in Feisty and Gutsy kernels
(2.6.20 and 2.6.22) should be reported against the "linux" package.

Thanks for the clarification.

Leann Ogasawara (leannogasawara) wrote :

Looks like this was fixed for both Dapper and Feisty a while ago:

http://www.ubuntu.com/usn/usn-637-1

Changed in linux-source-2.6.20:
status: New → Fix Released
status: New → Fix Released
Changed in linux-source-2.6.15:
status: New → Fix Released
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
