Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3247

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-3247
Last Modified 19 Mar 2012 12:00:00
Published 24 Jul 2008 11:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3247

Summary

The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.25

  • Linux Kernel 2.6.25.1

  • Linux Kernel 2.6.25.10

  • Linux Kernel 2.6.25.11

  • Linux Kernel 2.6.25.12

  • Linux Kernel 2.6.25.2

  • Linux Kernel 2.6.25.3

  • Linux Kernel 2.6.25.4

  • Linux Kernel 2.6.25.5

  • Linux Kernel 2.6.25.6

  • Linux Kernel 2.6.25.7

  • Linux Kernel 2.6.25.8

  • Linux Kernel 2.6.25.9


References

SUSE - SUSE-SA:2008:037

XF - linux-kernel-ldt-dos(43979)

SECTRACK - 1020544

BID - 30351

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.11

SECUNIA - 31202

SECUNIA - 31172

CONFIRM - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;h=74454a6a286bfce4bb23d89bd465f856fa6a6e19


Last Updated: 27 May 2016 10:47:10