Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.7
CVE Id CVE-2008-4445
Last Modified 29 Oct 2012 11:17:23
Published 06 Oct 2008 03:54:36
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4445

Summary

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

Vulnerable Systems

Operating System

  • Linux Kernel 2.2.27

  • Linux Kernel 2.4.36

  • Linux Kernel 2.4.36.1

  • Linux Kernel 2.4.36.2

  • Linux Kernel 2.4.36.3

  • Linux Kernel 2.4.36.4

  • Linux Kernel 2.4.36.5

  • Linux Kernel 2.4.36.6

  • Linux Kernel 2.6

  • Linux Kernel 2.6.18

  • Linux Kernel 2.6.19.4

  • Linux Kernel 2.6.19.5

  • Linux Kernel 2.6.19.6

  • Linux Kernel 2.6.19.7

  • Linux Kernel 2.6.20.16

  • Linux Kernel 2.6.20.17

  • Linux Kernel 2.6.20.18

  • Linux Kernel 2.6.20.19

  • Linux Kernel 2.6.20.20

  • Linux Kernel 2.6.20.21

  • Linux Kernel 2.6.21.5

  • Linux Kernel 2.6.21.6

  • Linux Kernel 2.6.21.7

  • Linux Kernel 2.6.22

  • Linux Kernel 2.6.22 Rc1

  • Linux Kernel 2.6.22 Rc7

  • Linux Kernel 2.6.22.10

  • Linux Kernel 2.6.22.11

  • Linux Kernel 2.6.22.12

  • Linux Kernel 2.6.22.13

  • Linux Kernel 2.6.22.14

  • Linux Kernel 2.6.22.15

  • Linux Kernel 2.6.22.17

  • Linux Kernel 2.6.22.18

  • Linux Kernel 2.6.22.19

  • Linux Kernel 2.6.22.2

  • Linux Kernel 2.6.22.20

  • Linux Kernel 2.6.22.21

  • Linux Kernel 2.6.22.22

  • Linux Kernel 2.6.22.8

  • Linux Kernel 2.6.22.9

  • Linux Kernel 2.6.23

  • Linux Kernel 2.6.23 Rc1

  • Linux Kernel 2.6.23.10

  • Linux Kernel 2.6.23.11

  • Linux Kernel 2.6.23.12

  • Linux Kernel 2.6.23.13

  • Linux Kernel 2.6.23.15

  • Linux Kernel 2.6.23.16

  • Linux Kernel 2.6.23.17

  • Linux Kernel 2.6.23.8

  • Linux Kernel 2.6.23.9

  • Linux Kernel 2.6.24

  • Linux Kernel 2.6.24 Rc1

  • Linux Kernel 2.6.24 Rc4

  • Linux Kernel 2.6.24 Rc5

  • Linux Kernel 2.6.24.1

  • Linux Kernel 2.6.24.2

  • Linux Kernel 2.6.24.3

  • Linux Kernel 2.6.24.4

  • Linux Kernel 2.6.24.5

  • Linux Kernel 2.6.24.6

  • Linux Kernel 2.6.24.7

  • Linux Kernel 2.6.25

  • Linux Kernel 2.6.25.1

  • Linux Kernel 2.6.25.10

  • Linux Kernel 2.6.25.11

  • Linux Kernel 2.6.25.12

  • Linux Kernel 2.6.25.13

  • Linux Kernel 2.6.25.14

  • Linux Kernel 2.6.25.15

  • Linux Kernel 2.6.25.2

  • Linux Kernel 2.6.25.3

  • Linux Kernel 2.6.25.4

  • Linux Kernel 2.6.25.5

  • Linux Kernel 2.6.25.6

  • Linux Kernel 2.6.25.7

  • Linux Kernel 2.6.25.8

  • Linux Kernel 2.6.25.9


References

UBUNTU - USN-659-1

SECTRACK - 1021001

BID - 31121

REDHAT - RHSA-2008:0857

MLIST - [oss-security] 20080929 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

MLIST - [oss-security] 20080927 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

MLIST - [oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

MLIST - [oss-security] 20080925 CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option

MANDRIVA - MDVSA-2008:223

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4

DEBIAN - DSA-1655

SECUNIA - 32393

SECUNIA - 32190

MLIST - [linux-sctp] 20080827 [PATCH 2/2] sctp: fix random memory dereference with SCTP_HMAC_IDENT option.

MLIST - [linux-sctp] 20080827 [PATCH 0/2] sctp: additional overflow fixes

SUSE - SUSE-SA:2008:053

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=d97240552cd98c4b07322f30f66fd9c3ba4171de

SECUNIA - 32315


Last Updated: 27 May 2016 10:57:30