Launchpad.net

CVE 2008-4554

The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.

Related bugs and status

CVE-2008-4554 (Candidate) is related to these bugs:

Bug #94186: 3c59x - 10/100 NIC fails to link to gigabit switch

		In	Importance	Status
94186	3c59x - 10/100 NIC fails to link to gigabit switch	linux-source-2.6.20 (Ubuntu)	Undecided	Won't Fix
94186	3c59x - 10/100 NIC fails to link to gigabit switch	linux-source-2.6.22 (Ubuntu)	Low	Fix Released
94186	3c59x - 10/100 NIC fails to link to gigabit switch	linux (Ubuntu)	Undecided	Fix Released

Bug #125250: Don't recognise USB Pendrive -> sr0: disc change detected.

		In	Importance	Status
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu)	Undecided	Won't Fix
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu Hardy)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu Hardy)	Undecided	Won't Fix
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu Intrepid)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu Intrepid)	Undecided	Invalid
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux (Ubuntu Jaunty)	Medium	Fix Released
125250	Don't recognise USB Pendrive -> sr0: disc change detected.	linux-source-2.6.20 (Ubuntu Jaunty)	Undecided	Invalid

Bug #140608: linux-image-2.6.20-16 fails to detect twin usb gamepad

		In	Importance	Status
140608	linux-image-2.6.20-16 fails to detect twin usb gamepad	linux-source-2.6.20 (Ubuntu)	Undecided	Invalid
140608	linux-image-2.6.20-16 fails to detect twin usb gamepad	linux (Ubuntu)	Medium	Fix Released
140608	linux-image-2.6.20-16 fails to detect twin usb gamepad	linux (Ubuntu Intrepid)	Undecided	Invalid
140608	linux-image-2.6.20-16 fails to detect twin usb gamepad	linux-source-2.6.20 (Ubuntu Intrepid)	Undecided	Invalid
140608	linux-image-2.6.20-16 fails to detect twin usb gamepad	linux (Ubuntu Hardy)	Undecided	Fix Released
140608	linux-image-2.6.20-16 fails to detect twin usb gamepad	linux-source-2.6.20 (Ubuntu Hardy)	Undecided	Invalid

Bug #182716: bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.

		In	Importance	Status
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux (Ubuntu)	Medium	Fix Released
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	Ubuntu	Undecided	Invalid
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	Linux	Undecided	Invalid
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux (Mandriva)	Undecided	New
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux-source-2.6.22 (Ubuntu)	Undecided	Won't Fix
182716	bcm4306, bcm4309, bcm4311, bcm4312 with b43 : Authentication with AP doesn't work.	linux (Baltix)	Undecided	New

Bug #208551: mdadm with Raid5 stuck in uninterruptable sleep

Summary				In	Importance	Status
	208551	mdadm with Raid5 stuck in uninterruptable sleep		linux (Ubuntu)	Undecided	Fix Released
	208551	mdadm with Raid5 stuck in uninterruptable sleep		linux (Ubuntu Hardy)	Medium	Fix Released

Bug #217659: dtl1_cs causes kernel panic when plugged in

Summary				In	Importance	Status
	217659	dtl1_cs causes kernel panic when plugged in		linux (Ubuntu)	High	Fix Released
	217659	dtl1_cs causes kernel panic when plugged in		linux (Ubuntu Hardy)	High	Fix Released

Bug #231746: kernel crash in iov_iter_advance (caused by nfs-kernel-server)

Summary				In	Importance	Status
	231746	kernel crash in iov_iter_advance (caused by nfs-kernel-server)		linux (Ubuntu)	Undecided	Fix Released
	231746	kernel crash in iov_iter_advance (caused by nfs-kernel-server)		linux (Ubuntu Hardy)	Medium	Fix Released

Bug #235119: Coretemp outdated / can't show 45nm core temps

		In	Importance	Status
235119	Coretemp outdated / can't show 45nm core temps	linux (Ubuntu)	Undecided	Fix Released
235119	Coretemp outdated / can't show 45nm core temps	linux (Ubuntu Hardy)	Medium	Fix Released
235119	Coretemp outdated / can't show 45nm core temps	lm-sensors	Undecided	New
235119	Coretemp outdated / can't show 45nm core temps	lm-sensors-3 (Ubuntu)	Medium	Fix Released
235119	Coretemp outdated / can't show 45nm core temps	lm-sensors-3 (Ubuntu Hardy)	Medium	Fix Released

Bug #237306: hisax isdn network broken

Summary				In	Importance	Status
	237306	hisax isdn network broken		linux (Ubuntu)	Undecided	Fix Released
	237306	hisax isdn network broken		linux (Ubuntu Hardy)	Medium	Fix Released

Bug #247148: Xen dom0 kernel corrupts software raid (2.6.24-19)

		In	Importance	Status
247148	Xen dom0 kernel corrupts software raid (2.6.24-19)	linux-meta (Ubuntu)	Undecided	Invalid
247148	Xen dom0 kernel corrupts software raid (2.6.24-19)	linux (Ubuntu)	Medium	Invalid
247148	Xen dom0 kernel corrupts software raid (2.6.24-19)	linux (Ubuntu Hardy)	Medium	Fix Released
247148	Xen dom0 kernel corrupts software raid (2.6.24-19)	linux-meta (Ubuntu Hardy)	Undecided	Invalid

Bug #257684: CONFIG_AX25_DAMA_SLAVE not enabled

Summary				In	Importance	Status
	257684	CONFIG_AX25_DAMA_SLAVE not enabled		linux (Ubuntu)	Low	Fix Released
	257684	CONFIG_AX25_DAMA_SLAVE not enabled		linux (Ubuntu Hardy)	Low	Fix Released

Bug #263217: Unable to connect Motorola Z6 phone in mass storage mode

Summary				In	Importance	Status
	263217	Unable to connect Motorola Z6 phone in mass storage mode		linux (Ubuntu)	Undecided	Fix Released
	263217	Unable to connect Motorola Z6 phone in mass storage mode		linux (Ubuntu Hardy)	Low	Fix Released

Bug #268981: Hardy: VMware Workstation 6.5 won't power on

Summary				In	Importance	Status
	268981	Hardy: VMware Workstation 6.5 won't power on		linux (Ubuntu)	Undecided	Fix Released
	268981	Hardy: VMware Workstation 6.5 won't power on		linux (Ubuntu Hardy)	High	Fix Released

Bug #270643: ALPS touchpad not recognized in Dell Latitude E6400

		In	Importance	Status
270643	ALPS touchpad not recognized in Dell Latitude E6400	linux (Ubuntu)	High	Fix Released
270643	ALPS touchpad not recognized in Dell Latitude E6400	xorg (Ubuntu)	Undecided	Invalid
270643	ALPS touchpad not recognized in Dell Latitude E6400	linux (Ubuntu Intrepid)	High	Fix Released
270643	ALPS touchpad not recognized in Dell Latitude E6400	xorg (Ubuntu Intrepid)	Undecided	Invalid
270643	ALPS touchpad not recognized in Dell Latitude E6400	linux (Ubuntu Hardy)	High	Fix Released
270643	ALPS touchpad not recognized in Dell Latitude E6400	xorg (Ubuntu Hardy)	Undecided	Invalid

Bug #272485: USB device 1a86:7523 (serial-to-USB cable) not recognised by CH341 driver

Summary				In	Importance	Status
	272485	USB device 1a86:7523 (serial-to-USB cable) not recognised by CH341 driver		linux (Ubuntu)	Low	Fix Released
	272485	USB device 1a86:7523 (serial-to-USB cable) not recognised by CH341 driver		linux (Ubuntu Hardy)	Undecided	Fix Released

Bug #273103: [Hardy] Fix MSI-X allocation leakage

Summary				In	Importance	Status
	273103	[Hardy] Fix MSI-X allocation leakage		linux (Ubuntu)	Low	Fix Released
	273103	[Hardy] Fix MSI-X allocation leakage		linux (Ubuntu Hardy)	Low	Fix Released

Bug #273143: Hardy: b43legacy does not adjust transmit rate

Summary				In	Importance	Status
	273143	Hardy: b43legacy does not adjust transmit rate		linux (Ubuntu)	Undecided	Fix Released
	273143	Hardy: b43legacy does not adjust transmit rate		linux (Ubuntu Hardy)	Medium	Fix Released

Bug #276334: Prevent reuse of IRQ0 vector when using IO-APIC

Summary				In	Importance	Status
	276334	Prevent reuse of IRQ0 vector when using IO-APIC		linux (Ubuntu)	Medium	Fix Released
	276334	Prevent reuse of IRQ0 vector when using IO-APIC		linux (Ubuntu Hardy)	Medium	Fix Released

Bug #276641: dd on gfs2 cause kernel oops

Summary				In	Importance	Status
	276641	dd on gfs2 cause kernel oops		linux (Ubuntu)	Undecided	Invalid
	276641	dd on gfs2 cause kernel oops		linux (Ubuntu Hardy)	High	Fix Released

Bug #278794: r40E blacklist patch is incorrect

		In	Importance	Status
278794	r40E blacklist patch is incorrect	linux (Ubuntu)	Medium	Fix Released
278794	r40E blacklist patch is incorrect	linux (Ubuntu Hardy)	Medium	Fix Released
278794	r40E blacklist patch is incorrect	linux (Ubuntu Intrepid)	Medium	Fix Released

Bug #291457: LPIA: update LPIA patchset from moblin

Summary				In	Importance	Status
	291457	LPIA: update LPIA patchset from moblin		linux (Ubuntu)	Medium	Fix Released
	291457	LPIA: update LPIA patchset from moblin		linux (Ubuntu Hardy)	Undecided	Fix Released

Bug #298059: [Hardy] Please pull latest changes for openvz

Summary				In	Importance	Status
	298059	[Hardy] Please pull latest changes for openvz		linux (Ubuntu)	Wishlist	Invalid
	298059	[Hardy] Please pull latest changes for openvz		linux (Ubuntu Hardy)	Undecided	Fix Released

Bug #301608: [Hardy] Update kernel to Linux 2.6.24.4

Summary				In	Importance	Status
	301608	[Hardy] Update kernel to Linux 2.6.24.4		linux (Ubuntu)	Undecided	Invalid
	301608	[Hardy] Update kernel to Linux 2.6.24.4		linux (Ubuntu Hardy)	High	Fix Released

Bug #301632: [Hardy] Update kernel to Linux 2.6.24.5

Summary				In	Importance	Status
	301632	[Hardy] Update kernel to Linux 2.6.24.5		linux (Ubuntu)	Undecided	Invalid
	301632	[Hardy] Update kernel to Linux 2.6.24.5		linux (Ubuntu Hardy)	High	Fix Released

Bug #301634: [Hardy] Update kernel to Linux 2.6.24.6/7

Summary				In	Importance	Status
	301634	[Hardy] Update kernel to Linux 2.6.24.6/7		linux (Ubuntu)	Undecided	Invalid
	301634	[Hardy] Update kernel to Linux 2.6.24.6/7		linux (Ubuntu Hardy)	High	Fix Released

Bug #302138: [Hardy] RT: Update to rt21

Summary				In	Importance	Status
	302138	[Hardy] RT: Update to rt21		linux (Ubuntu)	Wishlist	Fix Released
	302138	[Hardy] RT: Update to rt21		linux (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008101...
MLIST: [oss-security] 2008101...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://www.kernel.org/...
FEDORA: FEDORA-2008-8929
FEDORA: FEDORA-2008-8980
SECUNIA: 32386
MANDRIVA: MDVSA-2008:224
UBUNTU: USN-679-1
SECUNIA: 32918
REDHAT: RHSA-2008:1017
SECUNIA: 33182
DEBIAN: DSA-1687
SECUNIA: 33180
DEBIAN: DSA-1681
SECUNIA: 32998
REDHAT: RHSA-2009:0009
SECUNIA: 33586
MISC: https://bugzilla.redha...
BID: 31903
SUSE: SUSE-SA:2009:030
SECUNIA: 35390
XF: linux-kernel-dosplicef...
OVAL: oval:org.mitre.oval:de...