Vigil@nce: Linux kernel, date changing via sys_utimensat
May 2008 by Vigil@nce
A local attacker can use utimensat() to change the date of a file.
Gravity: 1/4
CVSS: 3.6/10
Consequences: data creation/edition
Provenance: user account
Means of attack: 1 proof of concept
Ability of attacker: specialist (3/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 14/05/2008
Identifier: VIGILANCE-VUL-7826
AFFECTED PRODUCTS
Linux kernel versions 2.6.22, 2.6.22.1, 2.6.22.2, 2.6.22.3,
2.6.22.4, 2.6.22.5, 2.6.22.6, 2.6.22.7, 2.6.22.8, 2.6.22.9,
2.6.22.10, 2.6.22.11, 2.6.22.12, 2.6.22.13, 2.6.22.14, 2.6.22.15,
2.6.22.16, 2.6.22.17, 2.6.22.18, 2.6.22.19, 2.6.23, 2.6.23.1,
2.6.23.2, 2.6.23.3, 2.6.23.4, 2.6.23.5, 2.6.23.6, 2.6.23.7,
2.6.23.8, 2.6.23.9, 2.6.23.10, 2.6.23.11, 2.6.23.12, 2.6.23.13,
2.6.23.14, 2.6.23.15, 2.6.23.16, 2.6.23.17, 2.6.24, 2.6.24.1,
2.6.24.2, 2.6.24.3, 2.6.24.4, 2.6.24.5, 2.6.24.6, 2.6.24.7,
2.6.25, 2.6.25.1, 2.6.25.2
Similar products or versions inferior to those indicated may also
be affected.
DESCRIPTION
The utimensat() system call, introduced in version 2.6.22,
precisely defines the date of a file. Values for the timespec
structure can be:
– UTIME_OMIT : does not change the date
– UTIME_NOW : use the current date
However, when access and modification times are set to UTIME_NOW
(or one to UTIME_NOW and the other to UTIME_OMIT) the file date is
changed without checking if the user is the file owner.
A local attacker can thus actualize the date of a file.
CHARACTERISTICS
Identifiers: BID-29134, CVE-2008-2148, VIGILANCE-VUL-7826
CVSS score: 3.6/10 (CVE-2008-2148)
Url: https://vigilance.aql.fr/tree/1/7826