Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0600

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-0600
Last Modified 19 Mar 2012 12:00:00
Published 12 Feb 2008 04:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-0600

Summary

The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.17

  • Linux Kernel 2.6.17.1

  • Linux Kernel 2.6.17.10

  • Linux Kernel 2.6.17.11

  • Linux Kernel 2.6.17.12

  • Linux Kernel 2.6.17.13

  • Linux Kernel 2.6.17.14

  • Linux Kernel 2.6.17.2

  • Linux Kernel 2.6.17.3

  • Linux Kernel 2.6.17.4

  • Linux Kernel 2.6.17.5

  • Linux Kernel 2.6.17.6

  • Linux Kernel 2.6.17.7

  • Linux Kernel 2.6.17.8

  • Linux Kernel 2.6.17.9

  • Linux Kernel 2.6.18

  • Linux Kernel 2.6.18.1

  • Linux Kernel 2.6.18.2

  • Linux Kernel 2.6.18.3

  • Linux Kernel 2.6.18.4

  • Linux Kernel 2.6.18.5

  • Linux Kernel 2.6.18.6

  • Linux Kernel 2.6.18.7

  • Linux Kernel 2.6.18.8

  • Linux Kernel 2.6.19

  • Linux Kernel 2.6.19.0

  • Linux Kernel 2.6.19.1

  • Linux Kernel 2.6.19.2

  • Linux Kernel 2.6.19.3

  • Linux Kernel 2.6.20

  • Linux Kernel 2.6.20.1

  • Linux Kernel 2.6.20.10

  • Linux Kernel 2.6.20.11

  • Linux Kernel 2.6.20.12

  • Linux Kernel 2.6.20.13

  • Linux Kernel 2.6.20.14

  • Linux Kernel 2.6.20.15

  • Linux Kernel 2.6.20.2

  • Linux Kernel 2.6.20.3

  • Linux Kernel 2.6.20.4

  • Linux Kernel 2.6.20.5

  • Linux Kernel 2.6.20.6

  • Linux Kernel 2.6.20.7

  • Linux Kernel 2.6.20.8

  • Linux Kernel 2.6.20.9

  • Linux Kernel 2.6.21

  • Linux Kernel 2.6.21.1

  • Linux Kernel 2.6.21.2

  • Linux Kernel 2.6.21.3

  • Linux Kernel 2.6.21.4

  • Linux Kernel 2.6.22

  • Linux Kernel 2.6.22.1

  • Linux Kernel 2.6.22.16

  • Linux Kernel 2.6.22.3

  • Linux Kernel 2.6.22.4

  • Linux Kernel 2.6.22.5

  • Linux Kernel 2.6.22.6

  • Linux Kernel 2.6.22.7

  • Linux Kernel 2.6.23

  • Linux Kernel 2.6.23.1

  • Linux Kernel 2.6.23.14

  • Linux Kernel 2.6.23.2

  • Linux Kernel 2.6.23.3

  • Linux Kernel 2.6.23.4

  • Linux Kernel 2.6.23.5

  • Linux Kernel 2.6.23.6

  • Linux Kernel 2.6.23.7

  • Linux Kernel 2.6.23.9

  • Linux Kernel 2.6.24

  • Linux Kernel 2.6.24.1


References

VUPEN - ADV-2008-0487

MILW0RM - 5092

SECUNIA - 30818

MLIST - [linux-kernel] 20080210 Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

SUSE - SUSE-SA:2008:030

FEDORA - FEDORA-2008-1629

FEDORA - FEDORA-2008-1433

FEDORA - FEDORA-2008-1423

FEDORA - FEDORA-2008-1422

CONFIRM - https://issues.rpath.com/browse/RPL-2237

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=432517

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=432229

UBUNTU - USN-577-1

BID - 27801

BID - 27704

BUGTRAQ - 20080212 rPSA-2008-0052-1 kernel

REDHAT - RHSA-2008:0129

MANDRIVA - MDVSA-2008:044

MANDRIVA - MDVSA-2008:043

DEBIAN - DSA-1494

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0052

SECTRACK - 1019393

SECUNIA - 29245

SECUNIA - 28937

SECUNIA - 28933

SECUNIA - 28925

SECUNIA - 28912

SECUNIA - 28896

SECUNIA - 28889

SECUNIA - 28875

SECUNIA - 28858

SECUNIA - 28835

SUSE - SUSE-SA:2008:013

SUSE - SUSE-SA:2008:007


Last Updated: 27 May 2016 10:47:10