Executive Summary

Informations
Name CVE-2008-2148 First vendor Publication 2008-05-12
Vendor Cve Last vendor Modification 2012-03-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score 3.6 Attack Range Local
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2148

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Os22

OpenVAS Exploits

DateDescription
2009-04-09Name : Mandriva Update for kernel MDVSA-2008:167 (kernel)
File : nvt/gb_mandriva_MDVSA_2008_167.nasl
2009-03-23Name : Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-625-1
File : nvt/gb_ubuntu_USN_625_1.nasl
2009-01-23Name : SuSE Update for kernel SUSE-SA:2008:030
File : nvt/gb_suse_2008_030.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
45186Linux Kernel utimensat System Call Arbitrary File Time Modification

Nessus® Vulnerability Scanner

DateDescription
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-167.nasl - Type : ACT_GATHER_INFO
2008-07-17Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-625-1.nasl - Type : ACT_GATHER_INFO
2008-06-24Name : The remote openSUSE host is missing a security update.
File : suse_kernel-5339.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/29134
CONFIRM http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;...
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
REDHAT http://www.redhat.com/support/errata/RHSA-2008-0585.html
SECUNIA http://secunia.com/advisories/30198
http://secunia.com/advisories/30241
http://secunia.com/advisories/30818
http://secunia.com/advisories/31107
http://secunia.com/advisories/31628
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
UBUNTU http://www.ubuntu.com/usn/usn-625-1
VUPEN http://www.vupen.com/english/advisories/2008/1543/references
XF http://xforce.iss.net/xforce/xfdb/42342

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:44:54
  • Multiple Updates
2013-05-11 00:16:46
  • Multiple Updates