CVE-2008-4554MediumConfirmedExploit available
DEB
DEB
Debian Security Advisories (DSA)
DSAs are published by the Debian Security Team for issues affecting the stable distribution. The downstream tracker (security-tracker.debian.org) additionally maps every CVE to its package-level status across all supported suites.
Region
Intl.
Updates
1 ч
License
Public Domain
Advisories covering the Debian stable and oldstable releases. Ship notes include the exact .deb version that remediates each issue.
https://www.debian.org/security/ →Share link
Anyone with the link can open this vulnerability.
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag s…
CVSS
4.6
Medium
EPSS
0.00
p20
Published
2008-01-01
Updated
2008-01-01
Description
The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.
Tags · CWE
LPE
CWE-264
CWE-264CategoryObsolete
Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
https://cwe.mitre.org/data/definitions/264.html →Open in CWE collection →Affected products
Linux_kernel ≤ 2.6.26.5Linux_kernel
CVSS vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Timeline
2008-01-01
Published
2008-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Authentication
Au: N
None (N)
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.001 · p20
Known exploited (KEV)
No
Known exploits — Сканер-ВС
30080
exploitdb · https://www.exploit-db.com/exploits/30080
30604
exploitdb · https://www.exploit-db.com/exploits/30604
30605
exploitdb · https://www.exploit-db.com/exploits/30605
4460
exploitdb · https://www.exploit-db.com/exploits/4460
6851
exploitdb · https://www.exploit-db.com/exploits/6851
7618
exploitdb · https://www.exploit-db.com/exploits/7618
CVE-2006-4814
github-poc · https://github.com/tagatac/linux-CVE-2006-4814
Affected software
| Product | Vendor | Status |
|---|---|---|
| kernel | Tracked | |
| kernel-rt | Tracked | |
| linux | Tracked | |
| linux-2.6 | Tracked | |
| linux-2.6.24 | Tracked | |
| linux_kernel | * | Tracked |
Source databases
DEB
DEB
Debian Security Advisories (DSA)
DSAs are published by the Debian Security Team for issues affecting the stable distribution. The downstream tracker (security-tracker.debian.org) additionally maps every CVE to its package-level status across all supported suites.
Region
Intl.
Updates
1 ч
License
Public Domain
Advisories covering the Debian stable and oldstable releases. Ship notes include the exact .deb version that remediates each issue.
https://www.debian.org/security/ →CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →RED
RED
Red Hat Security Advisories (RHSA)
Red Hat advisories are authoritative for RHEL-family systems: each record lists the exact package NEVRA fixed, the affected streams, and a Red Hat-assigned severity that may differ from NVD's. Many downstream projects (CentOS Stream, Rocky, Alma) follow these IDs.
Region
US
Updates
1 ч
License
CC BY-SA 4.0
Advisories for Red Hat Enterprise Linux, OpenShift, Ansible and other Red Hat products. Includes detailed backport tracking — critical for long-term-support distributions.
https://access.redhat.com/security/security-updates/ →UBU
UBU
Ubuntu Security Notices (USN)
USNs are authoritative for Ubuntu systems. The CVE Tracker links each vulnerability to its per-release status (needed, released, not-affected) and to the exact Launchpad bug where the fix is integrated.
Region
Intl.
Updates
1 ч
License
CC BY-SA 3.0
Security notices for Ubuntu LTS and interim releases, covering main, universe and (via Pro) ESM-extended packages.
https://ubuntu.com/security/notices →Related vulnerabilities
BDU:2015-00886BDU:2015-01470BDU:2015-01471BDU:2015-01472BDU:2015-01473BDU:2015-01474BDU:2015-01475BDU:2015-01476BDU:2015-01477BDU:2015-01478BDU:2015-01479BDU:2015-01480BDU:2015-01481BDU:2015-01482BDU:2015-01483BDU:2015-01484BDU:2015-01485BDU:2015-01486BDU:2015-01487BDU:2015-01488BDU:2015-01489BDU:2015-01490BDU:2015-01491BDU:2015-01492BDU:2015-01493BDU:2015-01494BDU:2015-01495BDU:2015-01496BDU:2015-01497BDU:2015-01498BDU:2015-01499BDU:2015-01500BDU:2015-01501BDU:2015-01502BDU:2015-01503BDU:2015-01504BDU:2015-01505BDU:2015-01506BDU:2015-01507BDU:2015-01508BDU:2015-01509BDU:2015-01510BDU:2015-01511BDU:2015-01512BDU:2015-01513BDU:2015-01514BDU:2015-01515BDU:2015-01516BDU:2015-01517BDU:2015-01518BDU:2015-01519BDU:2015-01520BDU:2015-01521BDU:2015-01522BDU:2015-01523BDU:2015-01524BDU:2015-01525BDU:2015-01526BDU:2015-01527BDU:2015-01528BDU:2015-01529BDU:2015-01530BDU:2015-01531BDU:2015-01532BDU:2015-01533BDU:2015-01534BDU:2015-01535BDU:2015-01536BDU:2015-01537BDU:2015-01538BDU:2015-01539BDU:2015-01540BDU:2015-01541BDU:2015-01542BDU:2015-01543BDU:2015-01544BDU:2015-01545BDU:2015-01546BDU:2015-01547BDU:2015-01548BDU:2015-01549BDU:2015-01550BDU:2015-01551BDU:2015-01552BDU:2015-01553BDU:2015-01554BDU:2015-01555BDU:2015-01556BDU:2015-01557BDU:2015-01558BDU:2015-01559BDU:2015-01560BDU:2015-01561BDU:2015-01562BDU:2015-01563BDU:2015-01564BDU:2015-01565BDU:2015-01566BDU:2015-01567BDU:2015-01568BDU:2015-01569BDU:2015-01570BDU:2015-01571BDU:2015-01572BDU:2015-01573BDU:2015-01574BDU:2015-01575BDU:2015-01576BDU:2015-01577BDU:2015-01578BDU:2015-01579BDU:2015-01580BDU:2015-01581BDU:2015-01582BDU:2015-01583BDU:2015-01584BDU:2015-01585BDU:2015-01586BDU:2015-01587BDU:2015-01588BDU:2015-01589BDU:2015-01590BDU:2015-01591BDU:2015-01592BDU:2015-01593BDU:2015-01594