Vigil@nce: Linux kernel, denial of service via do_change_type
July 2008 by Vigil@nce
A local attacker can use do_change_type() to change parameters of
a mount point.
– Gravity: 1/4
– Consequences: denial of service
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: low (1/3)
– Creation date: 08/07/2008
– Identifier: VIGILANCE-VUL-7934
IMPACTED PRODUCTS
Linux kernel [confidential versions]
DESCRIPTION
The do_change_type() function of fs/namespace.c changes the
parameters of a mount point.
Normally, only an administrator should be able to use it (directly
or via mount). However, this function does not check whether the
user has the CAP_SYS_ADMIN capability.
A local unprivileged attacker can therefore change the parameters
of a mount point, either to deny its mounting or to share it.
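do_change_type() is the kernel routine that sets the propagation type of a mount (shared, private, slave or unbindable), so an unexpected change is visible in the optional fields of /proc/self/mountinfo. The following is an added example, not part of the original advisory: it compares two mountinfo snapshots and reports mounts whose propagation type changed. Both snapshots are constructed sample data, and the function names are this example's own.

```python
# Added example (not from the advisory): compare mount propagation types
# between two snapshots in /proc/self/mountinfo format.
# Both snapshots are constructed sample data; device names are placeholders.
BASELINE = """\
15 20 0:3 / /proc rw,relatime - proc proc rw
20 1 8:1 / / rw,relatime shared:1 - ext3 /dev/sda1 rw
31 20 8:2 / /home rw,relatime - ext3 /dev/sda2 rw
32 20 8:3 / /srv rw,relatime - ext3 /dev/sda3 rw
"""
CURRENT = """\
15 20 0:3 / /proc rw,relatime - proc proc rw
20 1 8:1 / / rw,relatime shared:1 - ext3 /dev/sda1 rw
31 20 8:2 / /home rw,relatime shared:7 - ext3 /dev/sda2 rw
32 20 8:3 / /srv rw,relatime unbindable - ext3 /dev/sda3 rw
"""


def propagation_type(optional_fields):
    """Classify a mount from its mountinfo optional fields."""
    tags = {f.split(":", 1)[0] for f in optional_fields}
    if "shared" in tags and "master" in tags:
        return "shared+slave"
    if "shared" in tags:
        return "shared"
    if "master" in tags:
        return "slave"
    if "unbindable" in tags:
        return "unbindable"
    return "private"  # no propagation tag at all


def parse_propagation(mountinfo_text):
    """Return {mount point: propagation type}; a later stacked mount wins."""
    result = {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)  # optional fields end at the "-" separator
        except ValueError:
            continue  # malformed or truncated line
        result[fields[4]] = propagation_type(fields[6:sep])
    return result


def propagation_changes(before_text, after_text):
    """List (mount point, old type, new type) for mounts present in both."""
    before, after = parse_propagation(before_text), parse_propagation(after_text)
    return [(mp, before[mp], after[mp]) for mp in sorted(before)
            if mp in after and before[mp] != after[mp]]
```

On a live system, pass a saved baseline and the current contents of /proc/self/mountinfo to propagation_changes(); mount points containing spaces appear with the \040 escape that the kernel writes.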
CHARACTERISTICS
– Identifiers: 454388, CVE-2008-2931, VIGILANCE-VUL-7934
– Url: https://vigilance.aql.fr/tree/1/7934