Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2008-3911
Last Modified: 19 Mar 2012 12:00:00
Published: 04 Sep 2008 01:41:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2008-3911

Summary

The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.26.3


References

XF - linux-kernel-procdoxprt-bo(45136)

BID - 31937

MLIST - [oss-security] 20080904 CVE request: kernel: sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports

MLIST - [linux-kernel] 20080830 Re: buffer overflow in /proc/sys/sunrpc/transports

MLIST - [linux-kernel] 20080830 buffer overflow in /proc/sys/sunrpc/transports

SUSE - SUSE-SA:2008:053

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27df6f25ff218072e0e879a96beeb398a79cdbc8


Last Updated: 27 May 2016 10:49:34