Lucene search

[email protected]NVD:CVE-2008-4113

HistorySep 16, 2008 - 11:00 p.m.

CVE-2008-4113

2008-09-1623:00:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

Percentile

10.4%

JSON

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤2.6.25.14

linuxlinux_kernelMatch2.2.27

linuxlinux_kernelMatch2.4.36

linuxlinux_kernelMatch2.4.36.1

linuxlinux_kernelMatch2.4.36.2

linuxlinux_kernelMatch2.4.36.3

linuxlinux_kernelMatch2.4.36.4

linuxlinux_kernelMatch2.4.36.5

linuxlinux_kernelMatch2.4.36.6

linuxlinux_kernelMatch2.6

linuxlinux_kernelMatch2.6.18

linuxlinux_kernelMatch2.6.18rc1

linuxlinux_kernelMatch2.6.18rc2

linuxlinux_kernelMatch2.6.18rc3

linuxlinux_kernelMatch2.6.18rc4

linuxlinux_kernelMatch2.6.18rc5

linuxlinux_kernelMatch2.6.18rc6

linuxlinux_kernelMatch2.6.18rc7

linuxlinux_kernelMatch2.6.19.4

linuxlinux_kernelMatch2.6.19.5

linuxlinux_kernelMatch2.6.19.6

linuxlinux_kernelMatch2.6.19.7

linuxlinux_kernelMatch2.6.20.16

linuxlinux_kernelMatch2.6.20.17

linuxlinux_kernelMatch2.6.20.18

linuxlinux_kernelMatch2.6.20.19

linuxlinux_kernelMatch2.6.20.20

linuxlinux_kernelMatch2.6.20.21

linuxlinux_kernelMatch2.6.21.5

linuxlinux_kernelMatch2.6.21.6

linuxlinux_kernelMatch2.6.21.7

linuxlinux_kernelMatch2.6.22

linuxlinux_kernelMatch2.6.22.2

linuxlinux_kernelMatch2.6.22.8

linuxlinux_kernelMatch2.6.22.9

linuxlinux_kernelMatch2.6.22.10

linuxlinux_kernelMatch2.6.22.11

linuxlinux_kernelMatch2.6.22.12

linuxlinux_kernelMatch2.6.22.13

linuxlinux_kernelMatch2.6.22.14

linuxlinux_kernelMatch2.6.22.15

linuxlinux_kernelMatch2.6.22.17

linuxlinux_kernelMatch2.6.22.18

linuxlinux_kernelMatch2.6.22.19

linuxlinux_kernelMatch2.6.22.20

linuxlinux_kernelMatch2.6.22.21

linuxlinux_kernelMatch2.6.22.22

linuxlinux_kernelMatch2.6.22_rc1

linuxlinux_kernelMatch2.6.22_rc7

linuxlinux_kernelMatch2.6.23

linuxlinux_kernelMatch2.6.23.8

linuxlinux_kernelMatch2.6.23.9

linuxlinux_kernelMatch2.6.23.10

linuxlinux_kernelMatch2.6.23.11

linuxlinux_kernelMatch2.6.23.12

linuxlinux_kernelMatch2.6.23.13

linuxlinux_kernelMatch2.6.23.15

linuxlinux_kernelMatch2.6.23.16

linuxlinux_kernelMatch2.6.23.17

linuxlinux_kernelMatch2.6.23_rc1

linuxlinux_kernelMatch2.6.24

linuxlinux_kernelMatch2.6.24.1

linuxlinux_kernelMatch2.6.24.2

linuxlinux_kernelMatch2.6.24.3

linuxlinux_kernelMatch2.6.24.4

linuxlinux_kernelMatch2.6.24.5

linuxlinux_kernelMatch2.6.24.6

linuxlinux_kernelMatch2.6.24.7

linuxlinux_kernelMatch2.6.24_rc1

linuxlinux_kernelMatch2.6.24_rc4

linuxlinux_kernelMatch2.6.24_rc5

linuxlinux_kernelMatch2.6.25

linuxlinux_kernelMatch2.6.25x86_64

linuxlinux_kernelMatch2.6.25.1

linuxlinux_kernelMatch2.6.25.1x86_64

linuxlinux_kernelMatch2.6.25.2

linuxlinux_kernelMatch2.6.25.2x86_64

linuxlinux_kernelMatch2.6.25.3

linuxlinux_kernelMatch2.6.25.3x86_64

linuxlinux_kernelMatch2.6.25.4

linuxlinux_kernelMatch2.6.25.4x86_64

linuxlinux_kernelMatch2.6.25.5

linuxlinux_kernelMatch2.6.25.5x86_64

linuxlinux_kernelMatch2.6.25.6

linuxlinux_kernelMatch2.6.25.6x86_64

linuxlinux_kernelMatch2.6.25.7

linuxlinux_kernelMatch2.6.25.7x86_64

linuxlinux_kernelMatch2.6.25.8

linuxlinux_kernelMatch2.6.25.8x86_64

linuxlinux_kernelMatch2.6.25.9

linuxlinux_kernelMatch2.6.25.9x86_64

linuxlinux_kernelMatch2.6.25.10

linuxlinux_kernelMatch2.6.25.10x86_64

linuxlinux_kernelMatch2.6.25.11

linuxlinux_kernelMatch2.6.25.11x86_64

linuxlinux_kernelMatch2.6.25.12

linuxlinux_kernelMatch2.6.25.12x86_64

linuxlinux_kernelMatch2.6.25.13

linuxlinux_kernelMatch2.6.25.15

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel2.2.27cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.1cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.2cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.3cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.4cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.5cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*
linuxlinux_kernel2.4.36.6cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*
linuxlinux_kernel2.6cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	2.2.27	cpe:2.3:o:linux:linux_kernel:2.2.27:::::::*
linux	linux_kernel	2.4.36	cpe:2.3:o:linux:linux_kernel:2.4.36:::::::*
linux	linux_kernel	2.4.36.1	cpe:2.3:o:linux:linux_kernel:2.4.36.1:::::::*
linux	linux_kernel	2.4.36.2	cpe:2.3:o:linux:linux_kernel:2.4.36.2:::::::*
linux	linux_kernel	2.4.36.3	cpe:2.3:o:linux:linux_kernel:2.4.36.3:::::::*
linux	linux_kernel	2.4.36.4	cpe:2.3:o:linux:linux_kernel:2.4.36.4:::::::*
linux	linux_kernel	2.4.36.5	cpe:2.3:o:linux:linux_kernel:2.4.36.5:::::::*
linux	linux_kernel	2.4.36.6	cpe:2.3:o:linux:linux_kernel:2.4.36.6:::::::*
linux	linux_kernel	2.6	cpe:2.3:o:linux:linux_kernel:2.6:::::::*