cve-2008-3527
Vulnerability from cvelistv5
Published
2008-11-05 14:51
Modified
2024-08-07 09:45
Severity ?
Summary
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
References
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
secalert@redhat.comhttp://secunia.com/advisories/32485Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/32759Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/33180Vendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2008/dsa-1687
secalert@redhat.comhttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2008-0957.html
secalert@redhat.comhttp://www.securitytracker.com/id?1021137
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=460251
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32485Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32759Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33180Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1687
af854a3a-2127-422b-91ae-364da2661108http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0957.html
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021137
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=460251
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:18.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32485",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32485"
          },
          {
            "name": "oval:org.mitre.oval:def:10602",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21"
          },
          {
            "name": "RHSA-2008:0957",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
          },
          {
            "name": "1021137",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021137"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460251"
          },
          {
            "name": "DSA-1687",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1687"
          },
          {
            "name": "32759",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32759"
          },
          {
            "name": "33180",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33180"
          },
          {
            "name": "SUSE-SR:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "32485",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32485"
        },
        {
          "name": "oval:org.mitre.oval:def:10602",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21"
        },
        {
          "name": "RHSA-2008:0957",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
        },
        {
          "name": "1021137",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021137"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460251"
        },
        {
          "name": "DSA-1687",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1687"
        },
        {
          "name": "32759",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32759"
        },
        {
          "name": "33180",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33180"
        },
        {
          "name": "SUSE-SR:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3527",
    "datePublished": "2008-11-05T14:51:00",
    "dateReserved": "2008-08-07T00:00:00",
    "dateUpdated": "2024-08-07T09:45:18.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3527\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-11-05T15:00:14.147\",\"lastModified\":\"2024-11-21T00:49:27.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.\"},{\"lang\":\"es\",\"value\":\"arch/i386/kernel/sysenter.c en la implementaci\u00f3n Virtual Dynamic Shared Objects (vDSO) para el kernel de Linux anterior a v2.6.21, no comprueba de forma adecuada los l\u00edmites; esto permite a usuarios locales ganar privilegios o provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados. Est\u00e1 relacionado con las funciones install_special_mapping, syscall y syscall32_nopage.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.20.21\",\"matchCriteriaId\":\"455AF113-2E2D-46F2-8F92-C21E06E5B39F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43F9DBB0-8AF7-42CA-95DD-68A344E9D549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA39D4CE-22F0-46A2-B8CF-4599675E7D3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDD00664-A27C-4514-A2A4-079E8F9B0251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E336C792-B7A1-4318-8050-DE9F03474CEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7228AE50-BACB-4AB8-9CE5-17DB0CD661AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D260FD-E55E-4A95-AB7F-B880DBE37BAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36D0159-1A05-4628-9C1C-360DED0F438C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E6654B9-42EB-4C2C-8F71-710D50556180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FC560CC-F785-42D5-A25B-1BA02E7AC464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C06F0037-DE20-4B4A-977F-BFCFAB026517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1817C772-D367-4ABE-B835-466D31A6DC89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C667B8E4-64EB-4A05-84FF-B2243DEF757D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9484B41A-DFB6-4481-80D8-440C711CEA53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"53D373AF-DE6B-428E-9F0F-F1D220900A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2975DF7-F916-456C-BF7C-2694559E5282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"784EB96E-2FD3-4F77-8DB6-4D6C7A928946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86A98A70-51E3-4556-8DC4-DD09CF370D1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"469EE3B0-3CC2-4AC2-86A0-2DF34205E707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EC547EB-9308-4477-8256-A0E04B42D6DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F55A024-9F8E-44F8-A0D8-696BC232524A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84595143-3B04-4CE8-81C0-28EEEC58CD0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32EE2B49-DDEB-4B49-A5F0-CAA161095A5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3ABFA33-8FA1-488E-A9BD-1593F495F595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62F6DE3A-E6CC-4D7E-BD08-E43DC4182200\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32485\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32759\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33180\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1687\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0957.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1021137\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=460251\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33180\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2008/dsa-1687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0957.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=460251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.\\n\\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html\",\"lastModified\":\"2009-01-15T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.