

   VULNERABILITY NOTE

 

CERT-In Vulnerability Note CIVN-2008-172
Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability

Original Issue Date: October 31, 2008

Severity Rating: High

Systems Affected

  • Linux kernel versions prior to 2.6.22-rc1

Overview

A vulnerability has been reported in the Linux kernel that allows a local attacker to gain elevated privileges on the system. It is caused by an error in open.c.

Description

The vulnerability exists because the "truncate()" and "ftruncate()" functions do not appropriately clear the "suid" and "sgid" bits from the files they modify. An attacker could exploit this vulnerability by creating an executable file in a setgid directory using the truncate or ftruncate function in conjunction with memory-mapped I/O to gain the privileges of a different group, and hence launch further attacks.
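
To confirm that a running kernel clears these bits, the following check can be compiled and run as an unprivileged user. It is an added example, not part of the original note or of the kernel source. The scratch path under /tmp and the function names are assumptions, as is the rule in bits_expected_cleared() (setuid always, setgid only together with group-execute), which is the minimum Linux strips on modification for callers without CAP_FSETID.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Minimum set of bits a fixed kernel strips when an unprivileged process
 * modifies a regular file: setuid always; setgid only when group-execute
 * is also set (assumed rule, not stated in the note). */
mode_t bits_expected_cleared(mode_t mode)
{
    mode_t kill = 0;
    if (mode & S_ISUID)
        kill |= S_ISUID;
    if ((mode & S_ISGID) && (mode & S_IXGRP))
        kill |= S_ISGID;
    return kill;
}

/* Creates a scratch file owned by the caller, marks it setuid+setgid
 * executable, resizes it with ftruncate() and returns the suid/sgid bits
 * that survived (0 = all cleared), or -1 if a system call failed. */
long surviving_bits_after_ftruncate(void)
{
    char path[] = "/tmp/civn-truncate-XXXXXX"; /* hypothetical scratch name */
    struct stat st;
    long result = -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 06755) == 0 && ftruncate(fd, 4096) == 0 &&
        fstat(fd, &st) == 0)
        result = (long)(st.st_mode & bits_expected_cleared(06755));
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    long left = surviving_bits_after_ftruncate();
    if (left < 0) { perror("ftruncate check"); return 2; }
    if (geteuid() == 0) /* CAP_FSETID holders legitimately keep the bits */
        puts("note: running as root; rerun as an unprivileged user");
    printf("suid/sgid bits left after ftruncate(): %04lo (%s)\n",
           left, left ? "NOT cleared" : "cleared");
    return left ? 1 : 0;
}
```

An exit status of 0 means both bits were cleared. A non-zero result from an unprivileged run is the behaviour this note describes.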

Solution

Upgrade to latest versions provided by the vendor.
http://www.kernel.org/

Vendor Information

kernel.org
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

References

IBM ISS X-force
http://xforce.iss.net/xforce/xfdb/45539

SecurityFocus
http://www.securityfocus.com/bid/31368

CVE Name
CVE-2008-4210

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003