Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 231346 (CVE-2008-2931)

Summary: Kernel: do_change_type() check privileges before setting mount propagation (CVE-2008-2931)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a
Whiteboard: [linux <2.6.22]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-07-09 21:18:58 UTC 
CVE-2008-2931 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2931):
  The do_change_type function in fs/namespace.c in the Linux kernel before
  2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability,
  which allows local users to gain privileges or cause a denial of service by
  modifying the properties of a mountpoint.