Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2729

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2008-2729
Last Modified 21 Aug 2010 01:21:19
Published 30 Jun 2008 06:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2729

Summary

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

Vulnerable Systems

Operating System

  • Red Hat Linux Kernel 2.6.0

  • Red Hat Linux Kernel 2.6.1

  • Red Hat Linux Kernel 2.6.10

  • Red Hat Linux Kernel 2.6.11

  • Red Hat Linux Kernel 2.6.12

  • Red Hat Linux Kernel 2.6.13

  • Red Hat Linux Kernel 2.6.14

  • Red Hat Linux Kernel 2.6.15

  • Red Hat Linux Kernel 2.6.16

  • Red Hat Linux Kernel 2.6.17

  • Red Hat Linux Kernel 2.6.18

  • Red Hat Linux Kernel 2.6.2

  • Red Hat Linux Kernel 2.6.3

  • Red Hat Linux Kernel 2.6.4

  • Red Hat Linux Kernel 2.6.5

  • Red Hat Linux Kernel 2.6.6

  • Red Hat Linux Kernel 2.6.7

  • Red Hat Linux Kernel 2.6.8

  • Red Hat Linux Kernel 2.6.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=451271

XF - linux-kernel-destination-info-disclosure(43558)

UBUNTU - USN-625-1

SECTRACK - 1020364

BID - 29943

REDHAT - RHSA-2008:0585

REDHAT - RHSA-2008:0519

MANDRIVA - MDVSA-2008:174

DEBIAN - DSA-1630

SECUNIA - 31628

SECUNIA - 31551

SECUNIA - 31107

SECUNIA - 30850

SECUNIA - 30849

REDHAT - RHSA-2008:0508

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff


Last Updated: 27 May 2016 10:47:58