Oval Definition:	oval:org.mitre.oval:def:9980
Revision Date: 2013-04-29 Version: 12 Title: The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210. Description: The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2008-3833 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section kernel-kdump is earlier than 0:2.6.18-92.1.18.el5 OR kernel-debug is earlier than 0:2.6.18-92.1.18.el5 OR kernel-xen is earlier than 0:2.6.18-92.1.18.el5 OR kernel-headers is earlier than 0:2.6.18-92.1.18.el5 OR kernel-kdump-devel is earlier than 0:2.6.18-92.1.18.el5 OR kernel-xen-devel is earlier than 0:2.6.18-92.1.18.el5 OR kernel is earlier than 0:2.6.18-92.1.18.el5 OR kernel-PAE-devel is earlier than 0:2.6.18-92.1.18.el5 OR kernel-devel is earlier than 0:2.6.18-92.1.18.el5 OR kernel-PAE is earlier than 0:2.6.18-92.1.18.el5 OR kernel-debug-devel is earlier than 0:2.6.18-92.1.18.el5 OR kernel-doc is earlier than 0:2.6.18-92.1.18.el5
BACK