Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5029

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2008-5029
Last Modified 05 Nov 2012 11:11:16
Published 10 Nov 2008 11:15:12
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-5029

Summary

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

Vulnerable Systems

Operating System

  • Linux Kernel 2.2.27

  • Linux Kernel 2.4.36

  • Linux Kernel 2.4.36.1

  • Linux Kernel 2.4.36.2

  • Linux Kernel 2.4.36.3

  • Linux Kernel 2.4.36.4

  • Linux Kernel 2.4.36.5

  • Linux Kernel 2.4.36.6

  • Linux Kernel 2.6

  • Linux Kernel 2.6.18

  • Linux Kernel 2.6.19.4

  • Linux Kernel 2.6.19.5

  • Linux Kernel 2.6.19.6

  • Linux Kernel 2.6.19.7

  • Linux Kernel 2.6.20.16

  • Linux Kernel 2.6.20.17

  • Linux Kernel 2.6.20.18

  • Linux Kernel 2.6.20.19

  • Linux Kernel 2.6.20.20

  • Linux Kernel 2.6.20.21

  • Linux Kernel 2.6.21.5

  • Linux Kernel 2.6.21.6

  • Linux Kernel 2.6.21.7

  • Linux Kernel 2.6.22

  • Linux Kernel 2.6.22 Rc1

  • Linux Kernel 2.6.22 Rc7

  • Linux Kernel 2.6.22.1

  • Linux Kernel 2.6.22.10

  • Linux Kernel 2.6.22.11

  • Linux Kernel 2.6.22.12

  • Linux Kernel 2.6.22.13

  • Linux Kernel 2.6.22.14

  • Linux Kernel 2.6.22.15

  • Linux Kernel 2.6.22.17

  • Linux Kernel 2.6.22.18

  • Linux Kernel 2.6.22.19

  • Linux Kernel 2.6.22.2

  • Linux Kernel 2.6.22.20

  • Linux Kernel 2.6.22.21

  • Linux Kernel 2.6.22.22

  • Linux Kernel 2.6.22.8

  • Linux Kernel 2.6.22.9

  • Linux Kernel 2.6.23

  • Linux Kernel 2.6.23 Rc1

  • Linux Kernel 2.6.23.10

  • Linux Kernel 2.6.23.11

  • Linux Kernel 2.6.23.12

  • Linux Kernel 2.6.23.13

  • Linux Kernel 2.6.23.15

  • Linux Kernel 2.6.23.16

  • Linux Kernel 2.6.23.17

  • Linux Kernel 2.6.23.8

  • Linux Kernel 2.6.23.9

  • Linux Kernel 2.6.24

  • Linux Kernel 2.6.24 Rc1

  • Linux Kernel 2.6.24 Rc4

  • Linux Kernel 2.6.24 Rc5

  • Linux Kernel 2.6.24.1

  • Linux Kernel 2.6.24.2

  • Linux Kernel 2.6.24.3

  • Linux Kernel 2.6.24.4

  • Linux Kernel 2.6.24.5

  • Linux Kernel 2.6.24.6

  • Linux Kernel 2.6.24.7

  • Linux Kernel 2.6.25

  • Linux Kernel 2.6.25.1

  • Linux Kernel 2.6.25.10

  • Linux Kernel 2.6.25.11

  • Linux Kernel 2.6.25.12

  • Linux Kernel 2.6.25.13

  • Linux Kernel 2.6.25.14

  • Linux Kernel 2.6.25.15

  • Linux Kernel 2.6.25.16

  • Linux Kernel 2.6.25.17

  • Linux Kernel 2.6.25.2

  • Linux Kernel 2.6.25.3

  • Linux Kernel 2.6.25.4

  • Linux Kernel 2.6.25.5

  • Linux Kernel 2.6.25.6

  • Linux Kernel 2.6.25.7

  • Linux Kernel 2.6.25.8

  • Linux Kernel 2.6.25.9

  • Linux Kernel 2.6.26

  • Linux Kernel 2.6.26.1

  • Linux Kernel 2.6.26.2

  • Linux Kernel 2.6.26.3

  • Linux Kernel 2.6.26.4

  • Linux Kernel 2.6.26.5

  • Linux Kernel 2.6.27

  • Linux Kernel 2.6.27.1

  • Linux Kernel 2.6.27.2

  • Linux Kernel 2.6.27.3

  • Linux Kernel 2.6.27.4


References

BID - 32154

REDHAT - RHSA-2009:1550

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=470201

UBUNTU - USN-679-1

SECTRACK - 1021511

SECTRACK - 1021292

BID - 33079

BUGTRAQ - 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

BUGTRAQ - 20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit

REDHAT - RHSA-2009:0225

REDHAT - RHSA-2009:0014

REDHAT - RHSA-2009:0009

MLIST - [oss-security] 20081106 CVE request: kernel: Unix sockets kernel panic

MANDRIVA - MDVSA-2008:234

DEBIAN - DSA-1687

DEBIAN - DSA-1681

SREASON - 4573

SECUNIA - 33704

SECUNIA - 33641

SECUNIA - 33623

SECUNIA - 33586

SECUNIA - 33556

SECUNIA - 33180

SECUNIA - 32998

SECUNIA - 32918

MLIST - [linux-netdev] 20081106 UNIX sockets kernel panic

SUSE - SUSE-SA:2009:008

SUSE - SUSE-SA:2009:004

SUSE - SUSE-SA:2008:057

MISC - http://darkircop.org/unix.c

XF - linux-kernel-scmdestroy-dos(46538)

CONFIRM - http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9

BUGTRAQ - 20090104 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit

BUGTRAQ - 20090103 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit


Last Updated: 27 May 2016 10:57:30