Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2007-4849
Last Modified 05 Sep 2008 05:29:17
Published 12 Sep 2007 04:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4849

Summary

JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.

Vulnerable Systems

Application

  • One Laptop Per Child Olpc Linux Build 542


References

MLIST - [linux-mtd] 20070822 [JFFS2] Fix ACL vs. mode handling.

CONFIRM - http://git.infradead.org/?p=mtd-2.6.git;a=commitdiff;h=9ed437c50d89eabae763dd422579f73fdebf288d

CONFIRM - http://dev.laptop.org/ticket/2732

UBUNTU - USN-574-1

UBUNTU - USN-558-1

BID - 25838

DEBIAN - DSA-1378

SECUNIA - 28706

SECUNIA - 28170

SECUNIA - 26978


Last Updated: 27 May 2016 10:45:58