CVE-2008-3915

high

Description

Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f

http://lkml.org/lkml/2008/9/3/286

http://secunia.com/advisories/31881

http://secunia.com/advisories/32190

http://secunia.com/advisories/32393

http://www.debian.org/security/2008/dsa-1636

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4

http://www.openwall.com/lists/oss-security/2008/09/04/18

http://www.openwall.com/lists/oss-security/2008/09/04/4

http://www.redhat.com/support/errata/RHSA-2008-0857.html

http://www.securityfocus.com/bid/31133

http://www.ubuntu.com/usn/usn-659-1

https://bugzilla.redhat.com/show_bug.cgi?id=461101

https://exchange.xforce.ibmcloud.com/vulnerabilities/45055

Details

Source: MITRE

Published: 2008-09-11

Updated: 2017-08-08

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH