[CVE-2008-2931] Local privilege escalation in Linux (do_change_type() in fs/namespace.c)
Bug #253787 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Feisty |
Invalid
|
Undecided
|
Unassigned | ||
linux-source-2.6.15 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Fix Released
|
Undecided
|
Unassigned | ||
Feisty |
Invalid
|
Undecided
|
Unassigned | ||
linux-source-2.6.20 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Feisty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: linux-source-2.6.20
CVE-2008-2931 description:
"The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint."
http://
Dapper and Feisty might be affected.
CVE References
To post a comment you must log in.
Changed affected package from linux-source-2.6.20 to linux as per <https:/ /wiki.ubuntu. com/Bugs/ FindRightPackag e#Kernel related bugs>.