CVE Identifier: CVE-2008-4210
Vulnerability Type: Privilege escalation
Issue:
OS: Linux
Severity: High
Priority: High
Status: CLOSED ERRATA
Reported: 2008-09-24 05:40 UTC
Fixed In Version: RHSA-2008:0000 - RHSA-2009:0001

Description: The function allows setting the setgid bit on files created in a setgid directory, even when the user is not a member of the group. This allows users to leverage operations like and memory-mapped I/O to turn new files into arbitrary binaries, gaining privileges of the group.

Proposed Upstream Patch: Link

Additional References:
- Bugzilla Reference
- Article Reference
- Linux Kernel References

Addressed via RHSA: RHSA-2008:0787, RHSA-2008:0957, RHSA-2008:0972, RHSA-2008:0973, RHSA-2009:0001
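
A post-patch audit for the condition in the description, as an added example that is not part of the original advisory: it lists regular files inside setgid directories that carry both the setgid and group-execute bits while their owner is not a member of the file's group. The function names, the root-owner exemption and the reliance on the local passwd/group databases are assumptions of this example.

```python
import grp
import os
import pwd
import stat
import sys


def owner_in_group(uid, gid):
    """True if uid has gid as primary or supplementary group (local lookup)."""
    try:
        user, group = pwd.getpwuid(uid), grp.getgrgid(gid)
    except KeyError:
        return False  # unknown id: report it so a human reviews the file
    return user.pw_gid == gid or user.pw_name in group.gr_mem


def is_suspect(dir_mode, file_mode, owner_uid, owner_is_member):
    """Mode-bit test for the state described in the advisory."""
    return bool(
        stat.S_ISDIR(dir_mode) and dir_mode & stat.S_ISGID   # setgid directory
        and stat.S_ISREG(file_mode)
        and file_mode & stat.S_ISGID
        and file_mode & stat.S_IXGRP   # exec honours setgid only with g+x
        and owner_uid != 0             # assumption: root may set the bit anyway
        and not owner_is_member)


def audit(root, member_check=owner_in_group):
    """Return (path, uid, gid, mode) for every suspect file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = os.lstat(dirpath).st_mode
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)   # lstat: never follow symlinks while auditing
            member = member_check(st.st_uid, st.st_gid)
            if is_suspect(dir_mode, st.st_mode, st.st_uid, member):
                findings.append((path, st.st_uid, st.st_gid,
                                 oct(stat.S_IMODE(st.st_mode))))
    return findings


if __name__ == "__main__":
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*finding)
```

A finding is a lead for review rather than proof of exploitation, since group membership may have changed after the file was created.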