CVE-2008-4554
CVE-2008-4554
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=efc968d450e013049a662d22727cf132618dcb2fhttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=466707http://secunia.com/advisories/32386http://secunia.com/advisories/32918http://secunia.com/advisories/32998http://secunia.com/advisories/33180http://secunia.com/advisories/33182http://secunia.com/advisories/33586http://secunia.com/advisories/35390https://exchange.xforce.ibmcloud.com/vulnerabilities/45954https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11142