CERT-MU :Vulnerability

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol. 2, Feb 2012

Vol. 1, Oct 2011

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Vulnerability Note VN-2008-11

Linux Kernel 'truncate()' Local Privilege Escalation Vulnerability

Original Issue Date: October 31, 2008

Severity Rating: High

Systems Affected

Linux kernel versions prior to 2.6.22-rc1

Overview

A vulnerability has been reported in Linux Kernel which allows a local attacker to gain elevated privileges on the system caused by an error in open.c

Description

The vulnerability exists because, the "truncate()" and "ftruncate()" functions are not appropriately clearing the "suid" and "sgid" bits from files modified .An attacker could exploit this vulnerability by creating an executable file in a setgid directory using the truncate or ftruncate function in conjunction with memory-mapped I/O to gain the privileges of a different group, and hence launch further attacks.

Solution