Bug 1175780 - (CVE-2008-2931) VUL-0: CVE-2008-2931: kernel-source: kernel: missing check before setting mount propagation
(CVE-2008-2931)
VUL-0: CVE-2008-2931: kernel-source: kernel: missing check before setting mou...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Major
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/58013/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-08-26 11:01 UTC by Alexandros Toptsoglou
Modified: 2020-08-26 11:03 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2020-08-26 11:01:51 UTC
CVE-2008-2931

The do_change_type routine has a missing check for capable(CAP_SYS_ADMIN). Even
though the mount command restricts the changing of mountpoint type to only root
users, it is possible for local unprivileged users to bypass and abuse this.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=454388
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2931
http://www.openwall.com/lists/oss-security/2008/07/08/4
http://www.openwall.com/lists/oss-security/2008/07/08/3
https://access.redhat.com/errata/RHSA-2008:0885
https://rhn.redhat.com/errata/RHSA-2008-0885.html
http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-2931.html
https://access.redhat.com/security/cve/CVE-2008-2931
http://www.debian.org/security/2008/dsa-1630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2931
https://exchange.xforce.ibmcloud.com/vulnerabilities/43696
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
http://secunia.com/advisories/31614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10437
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://secunia.com/advisories/32759
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
http://secunia.com/advisories/30982
http://www.redhat.com/support/errata/RHSA-2008-0885.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
https://usn.ubuntu.com/637-1/
http://www.securityfocus.com/bid/30126
http://xforce.iss.net/xforce/xfdb/43696
http://secunia.com/advisories/32023
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6f958291e2a768fd727e7a67badfff0b67711a
http://secunia.com/advisories/31551
Comment 1 Alexandros Toptsoglou 2020-08-26 11:03:03 UTC
We ship newer than 2.6.22 kernels which are anot affected. Closing