Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0009

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-0009
Last Modified 07 Mar 2011 10:03:46
Published 12 Feb 2008 04:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-0009

Summary

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.22

  • Linux Kernel 2.6.22.1

  • Linux Kernel 2.6.22.16

  • Linux Kernel 2.6.22.3

  • Linux Kernel 2.6.22.4

  • Linux Kernel 2.6.22.5

  • Linux Kernel 2.6.22.6

  • Linux Kernel 2.6.22.7

  • Linux Kernel 2.6.23

  • Linux Kernel 2.6.23.1

  • Linux Kernel 2.6.23.14

  • Linux Kernel 2.6.23.2

  • Linux Kernel 2.6.23.3

  • Linux Kernel 2.6.23.4

  • Linux Kernel 2.6.23.5

  • Linux Kernel 2.6.23.6

  • Linux Kernel 2.6.23.7

  • Linux Kernel 2.6.23.9

  • Linux Kernel 2.6.24


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=431206

VUPEN - ADV-2008-0487

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1

MISC - http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt

FEDORA - FEDORA-2008-1423

FEDORA - FEDORA-2008-1422

BID - 27799

BID - 27704

BUGTRAQ - 20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference

SECUNIA - 28896

SECUNIA - 28835


Last Updated: 27 May 2016 10:46:38