Vulnerability-Lookup

CVE-2008-0009 (GCVE-0-2008-0009)

Vulnerability from cvelistv5 – Published: 2008-02-12 20:00 – Updated: 2024-08-07 07:32

Summary

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=431206	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v2.6/Chang…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0487…	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/487982/100…	mailing-listx_refsource_BUGTRAQ
	http://isec.pl/vulnerabilities/isec-0026-vmsplice…	x_refsource_MISC
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/28896	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/28835	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/27799	vdb-entryx_refsource_BID
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/bid/27704	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:23.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431206"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1"
          },
          {
            "name": "ADV-2008-0487",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0487/references"
          },
          {
            "name": "20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487982/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt"
          },
          {
            "name": "FEDORA-2008-1422",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html"
          },
          {
            "name": "28896",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28896"
          },
          {
            "name": "28835",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28835"
          },
          {
            "name": "27799",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27799"
          },
          {
            "name": "FEDORA-2008-1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html"
          },
          {
            "name": "27704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27704"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431206"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1"
        },
        {
          "name": "ADV-2008-0487",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0487/references"
        },
        {
          "name": "20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487982/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt"
        },
        {
          "name": "FEDORA-2008-1422",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html"
        },
        {
          "name": "28896",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28896"
        },
        {
          "name": "28835",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28835"
        },
        {
          "name": "27799",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27799"
        },
        {
          "name": "FEDORA-2008-1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html"
        },
        {
          "name": "27704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27704"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-0009",
    "datePublished": "2008-02-12T20:00:00.000Z",
    "dateReserved": "2007-12-03T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:32:23.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"615BDD1D-36AA-4976-909B-F0F66BF1090C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"D123AAFE-3F17-45C4-9382-BA392FD022C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE8A26D6-1BDA-45F0-8F7C-F95986050E32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F320FA9F-C13D-4AA3-B838-A0E5D63E6A29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B179CF1D-084D-4B21-956F-E55AC6BDE026\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F1B4877-286A-44B5-9C5C-0403F75B2BAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"432CA976-6EFA-4D34-B5EA-CD772D067F93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E476195-657E-416E-BC16-44A18B06A133\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFF566DA-0F04-48DA-AA40-565979C55328\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E249774-CE05-43D5-A5A3-7CCE24BB2AD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D42BA44-C69B-4170-9867-CABF93CA9BD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5140380C-71BD-464F-AE53-1814C2653056\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B18EC0A7-8616-4039-B98B-E1216E035B05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22FB141B-FA2A-435D-8937-83FC0669CB20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C59131C8-F66A-4380-9F6E-3FC14C7C8562\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5421616-4BF5-4269-8996-C3D2BA6AE2A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23FC6CE2-8717-4558-A309-A441D322F00E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"311BE336-7BB2-47C0-AED5-3DEA706C206F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AAC2E9D-0E82-4866-9046-ADD448418198\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67F2047A-5F17-4B59-9075-41A5DC5C1CD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A12DE15-E192-4B90-ADB7-A886B3746DD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF6588E7-F4FA-40F5-8945-FC7B6094376E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n vmsplice_to_user en fs/splice.c del n\\u00facleo de Linux 2.6.22 hasta 2.6.24 no valida ciertos punteros en el espacio antes referenciados, lo cual permite a usuarios locales acceder a localizaciones de memoria del n\\u00facleo de su elecci\\u00f3n.\"}]",
      "id": "CVE-2008-0009",
      "lastModified": "2024-11-21T00:40:57.957",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-02-12T21:00:00.000",
      "references": "[{\"url\": \"http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/28835\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/28896\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/487982/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/27704\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/27799\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0487/references\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=431206\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/28835\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/487982/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27704\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27799\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0487/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=431206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\", \"lastModified\": \"2008-02-13T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0009\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-02-12T21:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n vmsplice_to_user en fs/splice.c del n\u00facleo de Linux 2.6.22 hasta 2.6.24 no valida ciertos punteros en el espacio antes referenciados, lo cual permite a usuarios locales acceder a localizaciones de memoria del n\u00facleo de su elecci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"615BDD1D-36AA-4976-909B-F0F66BF1090C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D123AAFE-3F17-45C4-9382-BA392FD022C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8A26D6-1BDA-45F0-8F7C-F95986050E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F320FA9F-C13D-4AA3-B838-A0E5D63E6A29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B179CF1D-084D-4B21-956F-E55AC6BDE026\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1B4877-286A-44B5-9C5C-0403F75B2BAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"432CA976-6EFA-4D34-B5EA-CD772D067F93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E476195-657E-416E-BC16-44A18B06A133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFF566DA-0F04-48DA-AA40-565979C55328\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E249774-CE05-43D5-A5A3-7CCE24BB2AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D42BA44-C69B-4170-9867-CABF93CA9BD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5140380C-71BD-464F-AE53-1814C2653056\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B18EC0A7-8616-4039-B98B-E1216E035B05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22FB141B-FA2A-435D-8937-83FC0669CB20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C59131C8-F66A-4380-9F6E-3FC14C7C8562\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5421616-4BF5-4269-8996-C3D2BA6AE2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23FC6CE2-8717-4558-A309-A441D322F00E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"311BE336-7BB2-47C0-AED5-3DEA706C206F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AAC2E9D-0E82-4866-9046-ADD448418198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67F2047A-5F17-4B59-9075-41A5DC5C1CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A12DE15-E192-4B90-ADB7-A886B3746DD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF6588E7-F4FA-40F5-8945-FC7B6094376E\"}]}]}],\"references\":[{\"url\":\"http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/28835\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/28896\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/487982/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/27704\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/27799\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0487/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=431206\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/28835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/487982/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0487/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=431206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\",\"lastModified\":\"2008-02-13T00:00:00\"}]}}"
  }
}

FKIE_CVE-2008-0009

Vulnerability from fkie_nvd - Published: 2008-02-12 21:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt	Exploit
secalert@redhat.com	http://secunia.com/advisories/28835
secalert@redhat.com	http://secunia.com/advisories/28896
secalert@redhat.com	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1	Exploit
secalert@redhat.com	http://www.securityfocus.com/archive/1/487982/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/27704
secalert@redhat.com	http://www.securityfocus.com/bid/27799
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/0487/references
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=431206	Exploit
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
af854a3a-2127-422b-91ae-364da2661108	http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28835
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28896
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487982/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27704
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27799
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0487/references
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=431206	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html

Impacted products

Vendor	Product	Version
linux	linux_kernel	2.6.22
linux	linux_kernel	2.6.22
linux	linux_kernel	2.6.22.1
linux	linux_kernel	2.6.22.3
linux	linux_kernel	2.6.22.4
linux	linux_kernel	2.6.22.5
linux	linux_kernel	2.6.22.6
linux	linux_kernel	2.6.22.7
linux	linux_kernel	2.6.22.16
linux	linux_kernel	2.6.23
linux	linux_kernel	2.6.23
linux	linux_kernel	2.6.23
linux	linux_kernel	2.6.23.1
linux	linux_kernel	2.6.23.2
linux	linux_kernel	2.6.23.3
linux	linux_kernel	2.6.23.4
linux	linux_kernel	2.6.23.5
linux	linux_kernel	2.6.23.6
linux	linux_kernel	2.6.23.7
linux	linux_kernel	2.6.23.9
linux	linux_kernel	2.6.23.14
linux	linux_kernel	2.6.24
linux	linux_kernel	2.6.24

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "D123AAFE-3F17-45C4-9382-BA392FD022C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8A26D6-1BDA-45F0-8F7C-F95986050E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F320FA9F-C13D-4AA3-B838-A0E5D63E6A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B179CF1D-084D-4B21-956F-E55AC6BDE026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F1B4877-286A-44B5-9C5C-0403F75B2BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "432CA976-6EFA-4D34-B5EA-CD772D067F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E476195-657E-416E-BC16-44A18B06A133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF566DA-0F04-48DA-AA40-565979C55328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E249774-CE05-43D5-A5A3-7CCE24BB2AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8D42BA44-C69B-4170-9867-CABF93CA9BD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5140380C-71BD-464F-AE53-1814C2653056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B18EC0A7-8616-4039-B98B-E1216E035B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FB141B-FA2A-435D-8937-83FC0669CB20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59131C8-F66A-4380-9F6E-3FC14C7C8562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5421616-4BF5-4269-8996-C3D2BA6AE2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FC6CE2-8717-4558-A309-A441D322F00E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "311BE336-7BB2-47C0-AED5-3DEA706C206F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAC2E9D-0E82-4866-9046-ADD448418198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "67F2047A-5F17-4B59-9075-41A5DC5C1CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9A12DE15-E192-4B90-ADB7-A886B3746DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FF6588E7-F4FA-40F5-8945-FC7B6094376E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n vmsplice_to_user en fs/splice.c del n\u00facleo de Linux 2.6.22 hasta 2.6.24 no valida ciertos punteros en el espacio antes referenciados, lo cual permite a usuarios locales acceder a localizaciones de memoria del n\u00facleo de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2008-0009",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-12T21:00:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/28835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/28896"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/487982/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/27704"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/27799"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/0487/references"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431206"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487982/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0487/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2008-02-13T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HW2G-WPRJ-FVRQ

Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2022-05-01 23:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-12T21:00:00Z",
    "severity": "LOW"
  },
  "details": "The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.",
  "id": "GHSA-hw2g-wprj-fvrq",
  "modified": "2022-05-01T23:27:15Z",
  "published": "2022-05-01T23:27:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0009"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431206"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html"
    },
    {
      "type": "WEB",
      "url": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28835"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28896"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487982/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27704"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27799"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0487/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-067

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le noyau Linux permet à un utilisateur local d'élever ses privilèges.

Description

Une erreur dans la gestion des tubes ou « pipes » est présente dans le noyau Linux des systèmes d'exploitations GNU/Linux. Celle-ci permet à un utilisateur malintentionné, local au système, d'aquérir les privilèges du super-utilisateur root.

Solution

La version 2.6.24.2 du noyau Linux corrige le problème :

http://www.kernel.org

Pour les différentes distributions GNU/Linux, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Linux versions 2.6.24.1 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apportés à la version 2.6.24.2 du noyau Linux	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0129 du 12 février 2008 :	-	other
Site du noyau Linux :	-	other
Bulletin de sécurité Mandriva MDVSA-2008:043 du 11 février 2008 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2008:007 du 12 février 2008 :	-	other
Liste des changements apportés à la version 2.6.24.2 du noyau Linux :	-	other
Bulletin de sécurité Debian DSA-1494 du 11 février 2008 :	-	other
Bulletin de sécurité Ubuntu USN-577 du 12 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLinux versions 2.6.24.1 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne erreur dans la gestion des tubes ou \u00ab pipes \u00bb est pr\u00e9sente dans le\nnoyau Linux des syst\u00e8mes d\u0027exploitations GNU/Linux. Celle-ci permet \u00e0 un\nutilisateur malintentionn\u00e9, local au syst\u00e8me, d\u0027aqu\u00e9rir les privil\u00e8ges\ndu super-utilisateur root.\n\n## Solution\n\nLa version 2.6.24.2 du noyau Linux corrige le probl\u00e8me :\n\n    http://www.kernel.org\n\nPour les diff\u00e9rentes distributions GNU/Linux, se r\u00e9f\u00e9rer au bulletin de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0600"
    },
    {
      "name": "CVE-2008-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0010"
    },
    {
      "name": "CVE-2008-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0009"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0129 du 12 f\u00e9vrier    2008 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2008-0129.html"
    },
    {
      "title": "Site du noyau Linux :",
      "url": "http://www.kernel.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2008:043 du 11 f\u00e9vrier    2008 :",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:043"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2008:007 du 12 f\u00e9vrier    2008 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html"
    },
    {
      "title": "Liste des changements apport\u00e9s \u00e0 la version 2.6.24.2 du    noyau Linux :",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1494 du 11 f\u00e9vrier 2008 :",
      "url": "http://www.debian.org/security/2008/DSA-1494"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-577 du 12 f\u00e9vrier 2008 :",
      "url": "https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-February/000664.html"
    }
  ],
  "reference": "CERTA-2008-AVI-067",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2008-02-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE et des bulletins de s\u00e9curit\u00e9 Debian, Mandriva et SuSE ;",
      "revision_date": "2008-02-12T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins RedHat et Ubuntu.",
      "revision_date": "2008-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le noyau Linux permet \u00e0 un utilisateur local\nd\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du noyau Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s \u00e0 la version 2.6.24.2 du noyau Linux",
      "url": null
    }
  ]
}

CERTA-2008-AVI-067

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le noyau Linux permet à un utilisateur local d'élever ses privilèges.

Description

Solution

La version 2.6.24.2 du noyau Linux corrige le problème :

http://www.kernel.org

Pour les différentes distributions GNU/Linux, se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Linux versions 2.6.24.1 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Liste des changements apportés à la version 2.6.24.2 du noyau Linux	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2008:0129 du 12 février 2008 :	-	other
Site du noyau Linux :	-	other
Bulletin de sécurité Mandriva MDVSA-2008:043 du 11 février 2008 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2008:007 du 12 février 2008 :	-	other
Liste des changements apportés à la version 2.6.24.2 du noyau Linux :	-	other
Bulletin de sécurité Debian DSA-1494 du 11 février 2008 :	-	other
Bulletin de sécurité Ubuntu USN-577 du 12 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLinux versions 2.6.24.1 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne erreur dans la gestion des tubes ou \u00ab pipes \u00bb est pr\u00e9sente dans le\nnoyau Linux des syst\u00e8mes d\u0027exploitations GNU/Linux. Celle-ci permet \u00e0 un\nutilisateur malintentionn\u00e9, local au syst\u00e8me, d\u0027aqu\u00e9rir les privil\u00e8ges\ndu super-utilisateur root.\n\n## Solution\n\nLa version 2.6.24.2 du noyau Linux corrige le probl\u00e8me :\n\n    http://www.kernel.org\n\nPour les diff\u00e9rentes distributions GNU/Linux, se r\u00e9f\u00e9rer au bulletin de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0600"
    },
    {
      "name": "CVE-2008-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0010"
    },
    {
      "name": "CVE-2008-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0009"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2008:0129 du 12 f\u00e9vrier    2008 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2008-0129.html"
    },
    {
      "title": "Site du noyau Linux :",
      "url": "http://www.kernel.org"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2008:043 du 11 f\u00e9vrier    2008 :",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:043"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2008:007 du 12 f\u00e9vrier    2008 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html"
    },
    {
      "title": "Liste des changements apport\u00e9s \u00e0 la version 2.6.24.2 du    noyau Linux :",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1494 du 11 f\u00e9vrier 2008 :",
      "url": "http://www.debian.org/security/2008/DSA-1494"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-577 du 12 f\u00e9vrier 2008 :",
      "url": "https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-February/000664.html"
    }
  ],
  "reference": "CERTA-2008-AVI-067",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2008-02-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE et des bulletins de s\u00e9curit\u00e9 Debian, Mandriva et SuSE ;",
      "revision_date": "2008-02-12T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins RedHat et Ubuntu.",
      "revision_date": "2008-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le noyau Linux permet \u00e0 un utilisateur local\nd\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du noyau Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s \u00e0 la version 2.6.24.2 du noyau Linux",
      "url": null
    }
  ]
}

GSD-2008-0009

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0009

Aliases

CVE-2008-0009

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0009",
    "description": "The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.",
    "id": "GSD-2008-0009",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-0009.html",
      "https://packetstormsecurity.com/files/cve/CVE-2008-0009"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0009"
      ],
      "details": "The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.",
      "id": "GSD-2008-0009",
      "modified": "2023-12-13T01:22:58.781568Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-0009",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt",
            "refsource": "MISC",
            "url": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt"
          },
          {
            "name": "http://secunia.com/advisories/28835",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/28835"
          },
          {
            "name": "http://secunia.com/advisories/28896",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/28896"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1",
            "refsource": "MISC",
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/487982/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/487982/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/27704",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/27704"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/0487/references",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/0487/references"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/27799",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/27799"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431206",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431206"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-0009"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=431206",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431206"
            },
            {
              "name": "FEDORA-2008-1422",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html"
            },
            {
              "name": "FEDORA-2008-1423",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html"
            },
            {
              "name": "27704",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27704"
            },
            {
              "name": "28835",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28835"
            },
            {
              "name": "28896",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28896"
            },
            {
              "name": "27799",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27799"
            },
            {
              "name": "ADV-2008-0487",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0487/references"
            },
            {
              "name": "20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487982/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:57Z",
      "publishedDate": "2008-02-12T21:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0009 (GCVE-0-2008-0009)

FKIE_CVE-2008-0009

GHSA-HW2G-WPRJ-FVRQ

CERTA-2008-AVI-067

Description

Solution

CERTA-2008-AVI-067

Description

Solution

GSD-2008-0009

Tags

Sightings

Nomenclature