VDB
CVE-2008-4554
CVE-2008-4554
PUBLISHED
Reported by mitre · Published October 15, 2008
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Oct 15, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 35390 third-party-advisoryx_refsource_SECUNIA
- 32998 third-party-advisoryx_refsource_SECUNIA
- [oss-security] 20081013 CVE request: kernel: don't allow splice() to files opened with O_APPEND mailing-listx_refsource_MLIST
- x_refsource_MISC
- MDVSA-2008:224 vendor-advisoryx_refsource_MANDRIVA
- oval:org.mitre.oval:def:11142 vdb-entrysignaturex_refsource_OVAL
- linux-kernel-dosplicefrom-security-bypass(45954) vdb-entryx_refsource_XF
- 31903 vdb-entryx_refsource_BID
- RHSA-2009:0009 vendor-advisoryx_refsource_REDHAT
- SUSE-SA:2009:030 vendor-advisoryx_refsource_SUSE
- FEDORA-2008-8929 vendor-advisoryx_refsource_FEDORA
- [oss-security] 20081014 Re: CVE request: kernel: don't allow splice() to files opened with O_APPEND mailing-listx_refsource_MLIST
- 33586 third-party-advisoryx_refsource_SECUNIA
- DSA-1687 vendor-advisoryx_refsource_DEBIAN
- x_refsource_CONFIRM
- 32918 third-party-advisoryx_refsource_SECUNIA
- USN-679-1 vendor-advisoryx_refsource_UBUNTU
- x_refsource_CONFIRM
- 33180 third-party-advisoryx_refsource_SECUNIA
- RHSA-2008:1017 vendor-advisoryx_refsource_REDHAT
…and 4 more