CVE-2008-3525

HIGH

Description

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html

http://secunia.com/advisories/32103

http://secunia.com/advisories/32237

http://secunia.com/advisories/32315

http://secunia.com/advisories/32356

http://secunia.com/advisories/32370

http://secunia.com/advisories/32386

http://secunia.com/advisories/32393

http://secunia.com/advisories/32759

http://secunia.com/advisories/33201

http://secunia.com/advisories/33280

http://www.debian.org/security/2008/dsa-1653

http://www.debian.org/security/2008/dsa-1655

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7

http://www.mandriva.com/security/advisories?name=MDVSA-2008:220

http://www.mandriva.com/security/advisories?name=MDVSA-2008:223

http://www.openwall.com/lists/oss-security/2008/08/29/2

http://www.redhat.com/support/errata/RHSA-2008-0787.html

http://www.redhat.com/support/errata/RHSA-2008-0973.html

http://www.securitytracker.com/id?1020969

http://www.ubuntu.com/usn/usn-659-1

http://www.vupen.com/english/advisories/2008/2511

http://www.vupen.com/english/advisories/2008/2714

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5671

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9364

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html

Details

Source: MITRE

Published: 2008-09-03

Updated: 2017-09-29

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
89116VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)NessusMisc.
critical
67763Oracle Linux 3 : kernel (ELSA-2008-0973)NessusOracle Linux Local Security Checks
high
60507Scientific Linux Security Update : kernel on SL3.x i386/x86_64NessusScientific Linux Local Security Checks
high
59132SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5667)NessusSuSE Local Security Checks
high
59131SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5608)NessusSuSE Local Security Checks
critical
42179VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issuesNessusVMware ESX Local Security Checks
critical
41535SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)NessusSuSE Local Security Checks
high
40010openSUSE Security Update : kernel (kernel-270)NessusSuSE Local Security Checks
high
37065Mandriva Linux Security Advisory : kernel (MDVSA-2008:223)NessusMandriva Local Security Checks
critical
36681Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/22 vulnerabilities (USN-659-1)NessusUbuntu Local Security Checks
high
35323RHEL 2.1 : kernel (RHSA-2009:0001)NessusRed Hat Local Security Checks
high
35190RHEL 3 : kernel (RHSA-2008:0973)NessusRed Hat Local Security Checks
high
35186CentOS 3 : kernel (CESA-2008:0973)NessusCentOS Local Security Checks
high
34755openSUSE 10 Security Update : kernel (kernel-5751)NessusSuSE Local Security Checks
critical
34481Fedora 8 : kernel-2.6.26.6-49.fc8 (2008-8980)NessusFedora Local Security Checks
high
34480Fedora 9 : kernel-2.6.26.6-79.fc9 (2008-8929)NessusFedora Local Security Checks
high
34457openSUSE 10 Security Update : kernel (kernel-5700)NessusSuSE Local Security Checks
critical
34444Debian DSA-1655-1 : linux-2.6.24 - denial of service/information leak/privilege escalationNessusDebian Local Security Checks
high
34392Debian DSA-1653-1 : linux-2.6 - denial of service/privilege escalationNessusDebian Local Security Checks
high
34331SuSE 10 Security Update : the Linux Kernel (x86) (ZYPP Patch Number 5566)NessusSuSE Local Security Checks
critical
801460CentOS RHSA-2008-0973 Security CheckLog Correlation EngineGeneric
high