Vulnerability Name:

CVE-2008-2148 (CCN-42342)

Assigned:2008-05-09
Published:2008-05-09
Updated:2017-08-08
Summary:The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
2.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-2148

Source: CONFIRM
Type: UNKNOWN
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=f9dfda1ad0637a89a64d001cf81478bd8d9b6306

Source: CCN
Type: The Linux Kernel Archives Web site
ChangeLog-2.6.25.3

Source: CONFIRM
Type: UNKNOWN
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:030

Source: CCN
Type: RHSA-2008-0585
Important: kernel security and bug fix update

Source: SECUNIA
Type: Vendor Advisory
30198

Source: CCN
Type: SA30241
Linux Kernel Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30241

Source: SECUNIA
Type: Vendor Advisory
30818

Source: SECUNIA
Type: Vendor Advisory
31107

Source: SECUNIA
Type: Vendor Advisory
31628

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:167

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0585

Source: BID
Type: UNKNOWN
29134

Source: CCN
Type: BID-29134
Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability

Source: CCN
Type: USN-625-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-625-1

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1543

Source: XF
Type: UNKNOWN
linux-kernel-sysutimensat-dos(42342)

Source: XF
Type: UNKNOWN
linux-kernel-sysutimensat-dos(42342)

Source: SUSE
Type: SUSE-SA:2008:030
Linux kernel security update

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.23:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:17496
    P
    		USN-625-1 -- linux, linux-source-2.6.15/20/22 vulnerabilities
    2014-07-21
    oval:org.opensuse.security:def:20082148
    V
    		CVE-2008-2148
    2012-11-01
    BACK
    linux linux kernel 2.6.22
    linux linux kernel 2.6.22.1
    linux linux kernel 2.6.22.2
    linux linux kernel 2.6.22.3
    linux linux kernel 2.6.22.4
    linux linux kernel 2.6.22.5
    linux linux kernel 2.6.22.6
    linux linux kernel 2.6.22.7
    linux linux kernel 2.6.22.8
    linux linux kernel 2.6.22.9
    linux linux kernel 2.6.22.10
    linux linux kernel 2.6.22.11
    linux linux kernel 2.6.22.12
    linux linux kernel 2.6.22.13
    linux linux kernel 2.6.22.14
    linux linux kernel 2.6.22.15
    linux linux kernel 2.6.22.16
    linux linux kernel 2.6.22.17
    linux linux kernel 2.6.22.18
    linux linux kernel 2.6.22.19
    linux linux kernel 2.6.22.20
    linux linux kernel 2.6.22.21
    linux linux kernel 2.6.22.7
    linux linux kernel 2.6.23
    linux linux kernel 2.6.22
    linux linux kernel 2.6.24 rc2
    linux linux kernel 2.6.23.2
    linux linux kernel 2.6.23.5
    linux linux kernel 2.6.22.1
    linux linux kernel 2.6.22.6
    linux linux kernel 2.6.22.3
    linux linux kernel 2.6.22.4
    linux linux kernel 2.6.22.5
    linux linux kernel 2.6.22.16
    linux linux kernel 2.6.24 rc3
    linux linux kernel 2.6.22.2
    linux linux kernel 2.6.22.8
    linux linux kernel 2.6.22.9
    linux linux kernel 2.6.22.10
    linux linux kernel 2.6.22.11
    linux linux kernel 2.6.22.12
    linux linux kernel 2.6.22.13
    linux linux kernel 2.6.22.14
    linux linux kernel 2.6.22.15
    linux linux kernel 2.6.22.17
    linux linux kernel 2.6.22.18
    linux linux kernel 2.6.22.19
    linux linux kernel 2.6.22.20
    linux linux kernel 2.6.22.21
    linux linux kernel 2.6.23.6
    linux linux kernel 2.6.23.7
    redhat enterprise linux 4
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    canonical ubuntu 7.04
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.1 x86_64
    novell opensuse 10.2
    novell opensuse 10.3
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04