*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: linux-source-2.6.20 CVE-2008-2931 description: "The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2931 Dapper and Feisty might be affected. ** Affects: linux-source-2.6.15 (Ubuntu) Importance: Undecided Status: New ** Affects: linux-source-2.6.20 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** Also affects: linux-source-2.6.15 (Ubuntu) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2931 -- [CVE-2008-2931] Local privilege escalation in Linux (do_change_type() in fs/namespace.c) https://bugs.launchpad.net/bugs/253787 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
