阿里云漏洞库

2.6.22之前的Linux内核中的fs / namespace.c中的do_change_type函数不验证调用者是否具有CAP_SYS_ADMIN功能，该功能允许本地用户通过修改mountpoint的属性来获得权限或导致拒绝服务。

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdi...
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://secunia.com/advisories/30982
http://secunia.com/advisories/31551
http://secunia.com/advisories/31614
http://secunia.com/advisories/32023
http://secunia.com/advisories/32759
http://www.debian.org/security/2008/dsa-1630
http://www.openwall.com/lists/oss-security/2008/07/08/3
http://www.openwall.com/lists/oss-security/2008/07/08/4
http://www.redhat.com/support/errata/RHSA-2008-0885.html
http://www.securityfocus.com/bid/30126
https://bugzilla.redhat.com/show_bug.cgi?id=454388
https://exchange.xforce.ibmcloud.com/vulnerabilities/43696
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://usn.ubuntu.com/637-1/

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	canonical	ubuntu_linux	6.06	-
	运行在以下环境
	系统	canonical	ubuntu_linux	7.04	-
	运行在以下环境
	系统	canonical	ubuntu_linux	7.10	-
	运行在以下环境
	系统	canonical	ubuntu_linux	8.04	-
	运行在以下环境
	系统	centos_5	kernel	*		Up to (excluding) 2.6.18-92.1.13.el5
	运行在以下环境
	系统	debian	debian_linux	4.0	-
	运行在以下环境
	系统	linux	linux_kernel	*		Up to (excluding) 2.6.22
	运行在以下环境
	系统	novell	suse_linux_enterprise_desktop	10.0	-
	运行在以下环境
	系统	novell	suse_linux_enterprise_server	10.0	-
	运行在以下环境
	系统	opensuse	opensuse	*	From (including) 10.3	Up to (including) 11.0
	运行在以下环境
	系统	oracle_5	kernel	*		Up to (excluding) 2.6.18-92.1.13.0.1.el5
	运行在以下环境
	系统	redhat_5	kernel	*		Up to (excluding) 0:2.6.18-92.1.13.el5
	运行在以下环境
	系统	suse_10	kernel-debug	*		Up to (excluding) 2.6.16.60-0.27

CWE-ID	漏洞类型
CWE-269	特权管理不恰当