CVE-2008-2812

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

References

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=2a739dd53ad7ee010ae6e155438507f329dce788

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

http://secunia.com/advisories/30982

http://secunia.com/advisories/31048

http://secunia.com/advisories/31202

http://secunia.com/advisories/31229

http://secunia.com/advisories/31341

http://secunia.com/advisories/31551

http://secunia.com/advisories/31614

http://secunia.com/advisories/31685

http://secunia.com/advisories/32103

http://secunia.com/advisories/32370

http://secunia.com/advisories/32759

http://secunia.com/advisories/33201

http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm

http://www.debian.org/security/2008/dsa-1630

http://www.openwall.com/lists/oss-security/2008/07/03/2

http://www.redhat.com/support/errata/RHSA-2008-0612.html

http://www.redhat.com/support/errata/RHSA-2008-0665.html

http://www.redhat.com/support/errata/RHSA-2008-0973.html

http://www.securityfocus.com/bid/30076

http://www.vupen.com/english/advisories/2008/2063/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43687

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633

https://usn.ubuntu.com/637-1/

Details

Source: MITRE

Published: 2008-07-09

Updated: 2020-08-14

Type: CWE-476

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
89116VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)NessusMisc.
critical
79447OracleVM 2.1 : kernel (OVMSA-2008-2005)NessusOracleVM Local Security Checks
high
67763Oracle Linux 3 : kernel (ELSA-2008-0973)NessusOracle Linux Local Security Checks
high
67730Oracle Linux 5 : kernel (ELSA-2008-0612)NessusOracle Linux Local Security Checks
high
60507Scientific Linux Security Update : kernel on SL3.x i386/x86_64NessusScientific Linux Local Security Checks
high
60459Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
59131SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5608)NessusSuSE Local Security Checks
critical
59129SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5477)NessusSuSE Local Security Checks
critical
43701CentOS 5 : kernel (CESA-2008:0612)NessusCentOS Local Security Checks
high
42179VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issuesNessusVMware ESX Local Security Checks
high
41533SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5473)NessusSuSE Local Security Checks
critical
40008openSUSE Security Update : kernel (kernel-111)NessusSuSE Local Security Checks
high
35190RHEL 3 : kernel (RHSA-2008:0973)NessusRed Hat Local Security Checks
high
35186CentOS 3 : kernel (CESA-2008:0973)NessusCentOS Local Security Checks
high
34755openSUSE 10 Security Update : kernel (kernel-5751)NessusSuSE Local Security Checks
critical
34457openSUSE 10 Security Update : kernel (kernel-5700)NessusSuSE Local Security Checks
critical
34331SuSE 10 Security Update : the Linux Kernel (x86) (ZYPP Patch Number 5566)NessusSuSE Local Security Checks
critical
34048Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-637-1)NessusUbuntu Local Security Checks
high
34032Debian DSA-1630-1 : linux-2.6 - denial of service/information leakNessusDebian Local Security Checks
high
33830RHEL 5 : kernel (RHSA-2008:0612)NessusRed Hat Local Security Checks
high
33581RHEL 4 : kernel (RHSA-2008:0665)NessusRed Hat Local Security Checks
high
801460CentOS RHSA-2008-0973 Security CheckLog Correlation EngineGeneric
high