The do_splice_from function in fs/splice.c in the Linux kernel before
2.6.27 does not reject file descriptors that have the O_APPEND flag set,
which allows local users to bypass append mode and make arbitrary changes
to other locations in the file.

Olaf Kirch and Miklos Szeredi discovered that the Linux kernel did not
correctly reject the "append" flag when handling file splice requests. A
local attacker could bypass append mode and make changes to arbitrary
locations in a file. This issue only affected Ubuntu 7.10 and 8.04.
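
A regression check for the behaviour described above, as an added example (not code from the advisory or from the kernel): it splices into an O_APPEND descriptor on a scratch file it creates itself and reports whether the kernel refused the request. The scratch path, the result names and the function name are assumptions; a fixed kernel is expected to fail the call with EINVAL.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

enum { REJECTED, BYPASSED, INCONCLUSIVE };   /* hypothetical result names */

/* Splice 4 bytes from a pipe into an O_APPEND descriptor at explicit offset 0,
 * then re-read the scratch file to see whether its original bytes survived. */
int splice_append_check(void)
{
    char path[] = "/tmp/splice_append_XXXXXX";    /* constructed scratch file */
    static const char orig[] = "ORIGINAL-DATA\n"; /* constructed sample content */
    const size_t len = sizeof(orig) - 1;
    char buf[sizeof(orig)] = {0};
    long long off = 0;                            /* loff_t handed to the kernel */
    int p[2], fd, afd = -1, err = 0, result = INCONCLUSIVE;
    long n = 0;

    if ((fd = mkstemp(path)) < 0)
        return INCONCLUSIVE;
    if (pipe(p) < 0) { close(fd); unlink(path); return INCONCLUSIVE; }
    if (write(fd, orig, len) == (ssize_t)len && write(p[1], "XXXX", 4) == 4 &&
        (afd = open(path, O_WRONLY | O_APPEND)) >= 0) {
        /* raw syscall, so the check does not depend on libc feature macros */
        n = syscall(SYS_splice, p[0], NULL, afd, &off, (size_t)4, 0u);
        err = errno;
        if (pread(fd, buf, len, 0) == (ssize_t)len) {
            if (memcmp(buf, orig, len) != 0)
                result = BYPASSED;                /* data at offset 0 was replaced */
            else if (n < 0 && err == EINVAL)
                result = REJECTED;                /* O_APPEND target refused */
        }
    }
    if (afd >= 0) close(afd);
    close(p[0]); close(p[1]); close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    static const char *names[] = { "rejected (fixed)", "append bypassed", "inconclusive" };
    puts(names[splice_append_check()]);
    return 0;
}
```

An "inconclusive" result means the scratch file could not be set up or splice failed for some other reason (for example, a sandbox that blocks the syscall), so it says nothing about the fix.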
Updated: 2015-07-29 20:33:44 UTC (commit 9756)