Vulnerability CVE-2008-2358

Vulnerability Name:

CVE-2008-2358 (CCN-43034)

Assigned:

2008-06-09

Published:

2008-06-09

Updated:

2017-09-29

Summary:

Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-2358

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:030

Source: CCN
Type: RHSA-2008-0519
Important: kernel security and bug fix update

Source: CCN
Type: SA30000
Debian update for linux-2.6

Source: SECUNIA
Type: Vendor Advisory
30000

Source: SECUNIA
Type: Vendor Advisory
30818

Source: SECUNIA
Type: Vendor Advisory
30849

Source: SECUNIA
Type: Vendor Advisory
30920

Source: SECUNIA
Type: Vendor Advisory
31107

Source: CCN
Type: SECTRACK ID: 1020211
Linux Kernel Buffer Overflow in DCCP Subsystem May Let Remote Users Execute Arbitrary Code

Source: DEBIAN
Type: UNKNOWN
DSA-1592

Source: DEBIAN
Type: DSA-1592
linux-2.6 -- heap overflow

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel Archives

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:112

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:167

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0519

Source: BID
Type: UNKNOWN
29603

Source: CCN
Type: BID-29603
Linux Kernel DCCP Subsystem Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020211

Source: CCN
Type: USN-625-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-625-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=447389

Source: XF
Type: UNKNOWN
linux-kernel-dccpfeatchange-bo(43034)

Source: XF
Type: UNKNOWN
linux-kernel-dccpfeatchange-bo(43034)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9644

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-5893

Source: SUSE
Type: SUSE-SA:2008:030
Linux kernel security update

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:2.6.17:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.19:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.20:-:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.18:-:*:*:*:*:*:*

AND

cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:17496	P	USN-625-1 -- linux, linux-source-2.6.15/20/22 vulnerabilities	2014-07-21
oval:org.mitre.oval:def:18678	P	DSA-1592-1 linux-2.6 - overflow conditions	2014-06-23
oval:org.mitre.oval:def:8118	P	DSA-1592 linux-2.6 -- heap overflow	2014-06-23
oval:org.mitre.oval:def:22647	P	ELSA-2008:0519: kernel security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:9644	V	Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.	2013-04-29
oval:org.opensuse.security:def:20082358	V	CVE-2008-2358	2012-07-03
oval:com.redhat.rhsa:def:20080519	P	RHSA-2008:0519: kernel security and bug fix update (Important)	2008-06-25
oval:org.debian:def:1592	V	heap overflow	2008-06-09

BACK