Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-5029

Disclosure Date: November 10, 2008 •

Description

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

linux

Products

References

Canonical

CVE-2008-5029 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5029)

BID-32154 (http://www.securityfocus.com/bid/32154)

BID-33079 (http://www.securityfocus.com/bid/33079)

Advisory

SECUNIA-32998 (http://secunia.com/advisories/32998)

[oss-security] 20081106 CVE request: kernel: Unix sockets kernel panic (http://www.openwall.com/lists/oss-security/2008/11/06/1)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:234

http://www.redhat.com/support/errata/RHSA-2009-0225.html

20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (http://www.securityfocus.com/archive/1/512019/100/0/threaded)

SECUNIA-33641 (http://secunia.com/advisories/33641)

SREASON-4573 (http://securityreason.com/securityalert/4573)

SECUNIA-33623 (http://secunia.com/advisories/33623)

http://www.redhat.com/support/errata/RHSA-2009-0009.html

SECTRACK-1021292 (http://www.securitytracker.com/id?1021292)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9558

SECTRACK-1021511 (http://www.securitytracker.com/id?1021511)

http://www.redhat.com/support/errata/RHSA-2009-0014.html

SECUNIA-33586 (http://secunia.com/advisories/33586)

[linux-netdev] 20081106 UNIX sockets kernel panic (http://marc.info?l=linux-netdev&m=122593044330973&w=2)

SECUNIA-33556 (http://secunia.com/advisories/33556)

DSA-1687 (http://www.debian.org/security/2008/dsa-1687)

SECUNIA-32918 (http://secunia.com/advisories/32918)

20090104 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit (http://www.securityfocus.com/archive/1/499744/100/0/threaded)

USN-679-1 (http://www.ubuntu.com/usn/usn-679-1)

http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9

XF-linux-kernel-scmdestroy-dos(46538) (https://exchange.xforce.ibmcloud.com/vulnerabilities/46538)

SECUNIA-33180 (http://secunia.com/advisories/33180)

https://rhn.redhat.com/errata/RHSA-2009-1550.html

https://bugzilla.redhat.com/show_bug.cgi?id=470201

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.html

20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit (http://www.securityfocus.com/archive/1/499700/100/0/threaded)

SECUNIA-33704 (http://secunia.com/advisories/33704)

DSA-1681 (http://www.debian.org/security/2008/dsa-1681)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11694

20090103 Re: Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit (http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html)

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html

Miscellaneous

http://darkircop.org/unix.c

Rapid7

Technical Analysis