Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3527

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-3527
Last Modified 10 Jun 2013 12:00:00
Published 05 Nov 2008 10:00:14
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3527

Summary

arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.

Vulnerable Systems

Operating System

  • Linux Kernel 2.2.27

  • Linux Kernel 2.4.36

  • Linux Kernel 2.4.36.1

  • Linux Kernel 2.4.36.2

  • Linux Kernel 2.4.36.3

  • Linux Kernel 2.4.36.4

  • Linux Kernel 2.4.36.5

  • Linux Kernel 2.4.36.6

  • Linux Kernel 2.6

  • Linux Kernel 2.6.18

  • Linux Kernel 2.6.19.4

  • Linux Kernel 2.6.19.5

  • Linux Kernel 2.6.19.6

  • Linux Kernel 2.6.19.7

  • Linux Kernel 2.6.20.16

  • Linux Kernel 2.6.20.17

  • Linux Kernel 2.6.20.18

  • Linux Kernel 2.6.20.19

  • Linux Kernel 2.6.20.20

  • Linux Kernel 2.6.20.21


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=460251

SECTRACK - 1021137

REDHAT - RHSA-2008:0957

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21

DEBIAN - DSA-1687

SECUNIA - 33180

SECUNIA - 32759

SECUNIA - 32485

SUSE - SUSE-SR:2008:025

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7


Last Updated: 27 May 2016 10:57:29