
Bug 221123 (CVE-2008-2148)

Summary: Linux Kernels 2.6.22->2.6.25.2 - utimensat() file time modification bypass vulnerability (CVE-2008-2148)
Product: Gentoo Security
Reporter: Gordon Malm (RETIRED) <gengor>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: kernel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=review-2.6.25/vfs-fix-permission-checking-in-sys_utimensat.patch;h=1da0b9bf9f078e3eb147a6799e5a74af2484014a;hb=cbe22288b271b4e4e51f5573281662f53466e41a
Whiteboard: [linux >=2.6.22 <2.6.25.2]
Package list:
Runtime testing required: ---

Description Gordon Malm (RETIRED) gentoo-dev 2008-05-09 19:06:16 UTC
http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=review-2.6.25/vfs-fix-permission-checking-in-sys_utimensat.patch;h=1da0b9bf9f078e3eb147a6799e5a74af2484014a;hb=cbe22288b271b4e4e51f5573281662f53466e41a

"If utimensat() is called with both times set to UTIME_NOW or one of them to
UTIME_NOW and the other to UTIME_OMIT, then it will update the file time
without any permission checking.

I don't think this can be used for anything other than a local DoS, but could
be quite bewildering at that (e.g.  "Why was that large source tree rebuilt
when I didn't modify anything???")

This affects all kernels from 2.6.22, when the utimensat() syscall was
introduced.

Fix by doing the same permission checking as for the "times == NULL" case."

Reproducible: Always
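
A regression check for the behaviour quoted in the description, added here as an example (it is not part of the bug report or the kernel patch): it confirms that a running kernel refuses the UTIME_NOW / UTIME_OMIT combinations for a caller with neither ownership nor write access. The function name, the /tmp scratch path and the uid/gid 65534 are assumptions; it must start as root so it can create a file the unprivileged child does not own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534 /* assumption: conventional "nobody" uid/gid */

/* Request a timestamp update on a root-owned, mode-0600 scratch file from an
 * unprivileged child. Returns 1 if the kernel denied it (fix present), 0 if
 * it was accepted (the behaviour described in the report), -1 if untestable. */
int utimensat_denied(long atime_nsec, long mtime_nsec)
{
    char path[] = "/tmp/utimensat-check-XXXXXX"; /* hypothetical scratch path */
    int fd, status, result = -1;
    pid_t pid;

    if (geteuid() != 0)
        return -1;                /* cannot create a file the child does not own */
    if ((fd = mkstemp(path)) < 0) /* mkstemp creates the file with mode 0600 */
        return -1;
    close(fd);

    pid = fork();
    if (pid == 0) {
        struct timespec ts[2] = { { 0, atime_nsec }, { 0, mtime_nsec } };
        /* Drop privileges and make sure the drop really removed write access. */
        if (setgid(UNPRIV_ID) || setuid(UNPRIV_ID) || access(path, W_OK) == 0)
            _exit(2);
        if (utimensat(AT_FDCWD, path, ts, 0) == 0)
            _exit(0);             /* update accepted without a permission check */
        _exit((errno == EACCES || errno == EPERM) ? 1 : 2);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status)
        && WEXITSTATUS(status) < 2)
        result = WEXITSTATUS(status);
    unlink(path);
    return result;
}

int main(void)
{
    printf("NOW/NOW:  %d\n", utimensat_denied(UTIME_NOW, UTIME_NOW));
    printf("NOW/OMIT: %d\n", utimensat_denied(UTIME_NOW, UTIME_OMIT));
    printf("OMIT/NOW: %d\n", utimensat_denied(UTIME_OMIT, UTIME_NOW));
    return 0;
}
```

A result of 0 for any combination means the kernel still shows the behaviour from the description; -1 means the check could not be set up (not root, or privileges could not be dropped).
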
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-10 11:31:56 UTC
Thanks for the report, but please use "gentoo security" when filing security bugs.