4.4 - CVE-2008-2137

Executive Summary

Informations
Name	CVE-2008-2137	First vendor Publication	2008-05-29
Vendor	Cve	Last vendor Modification	2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.4	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2137

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18592

Oval ID:	oval:org.mitre.oval:def:18592
Title:	DSA-1588-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Description:	Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-1588-1 CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):	linux-2.6 fai-kernels user-mode-linux
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages match section linux-2.6 DPKG is earlier than 2.6.18.dfsg.1-18etch5 AND fai-kernels DPKG is earlier than 1.17+etch.18etch5 AND user-mode-linux DPKG is earlier than 2.6.18-1um-2etch.18etch5

Definition Id: oval:org.mitre.oval:def:8027

Oval ID:	oval:org.mitre.oval:def:8027
Title:	DSA-1588 linux-2.6 -- denial of service
Description:	Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop. Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash. Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition. David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmaped regions on the sparc architecture that may be exploited by local users to cause a denial of service.
Family:	unix	Class:	patch
Reference(s):	DSA-1588 CVE-2007-6712 CVE-2008-1615 CVE-2008-2136 CVE-2008-2137	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	linux-2.6
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section linux-support-2.6.18-6 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-patch-debian-2.6.18 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-source-2.6.18 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-manual-2.6.18 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-tree-2.6.18 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-doc-2.6.18 is earlier than 2.6.18.dfsg.1-18etch5 OR Architecture dependent section Installed architecture is amd64 AND Packages section linux-image-2.6.18-6-xen-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND fai-kernels is earlier than 1.17+etch.18etch5 AND linux-headers-2.6.18-6-all is earlier than 2.6.18.dfsg.1-18etch5 AND xen-linux-system-2.6.18-6-xen-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-modules-2.6.18-6-xen-vserver-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-xen-vserver-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND xen-linux-system-2.6.18-6-xen-vserver-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen-vserver-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-vserver is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-vserver-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-all-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-modules-2.6.18-6-xen-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen-vserver is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-vserver-amd64 is earlier than 2.6.18.dfsg.1-18etch5 OR Architecture dependent section Installed architecture is i386 AND Packages section linux-headers-2.6.18-6-vserver-k7 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-xen-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen-vserver-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-vserver is earlier than 2.6.18.dfsg.1-18etch5 AND xen-linux-system-2.6.18-6-xen-vserver-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-686-bigmem is earlier than 2.6.18.dfsg.1-18etch5 AND fai-kernels is earlier than 1.17+etch.18etch5 AND linux-modules-2.6.18-6-xen-vserver-686 is earlier than 2.6.18.dfsg.1-18etch5 AND user-mode-linux is earlier than 2.6.18-1um-2etch.18etch5 AND linux-modules-2.6.18-6-xen-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-486 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-k7 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen-vserver is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-486 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-amd64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-vserver-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-vserver-k7 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-k7 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6 is earlier than 2.6.18.dfsg.1-18etch5 AND xen-linux-system-2.6.18-6-xen-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-xen-vserver-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-xen-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-all is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-686-bigmem is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-vserver-686 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-all-i386 is earlier than 2.6.18.dfsg.1-18etch5 OR Supported platform section Installed architecture is hppa AND Packages section linux-headers-2.6.18-6-all is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-parisc64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-parisc64-smp is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-parisc is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-all-hppa is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-parisc64-smp is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6-parisc-smp is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-parisc is earlier than 2.6.18.dfsg.1-18etch5 AND linux-headers-2.6.18-6 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-parisc64 is earlier than 2.6.18.dfsg.1-18etch5 AND linux-image-2.6.18-6-parisc-smp is earlier than 2.6.18.dfsg.1-18etch5

CPE : Common Platform Enumeration

Type	Description	Count
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:4.0::sparc:::::	1
Os	Linux Linux Kernel cpe:2.3:o:linux:linux_kernel:2.6.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.7:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.6:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.5:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.4:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.3:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.25.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.24.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.22.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.17:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.16:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.21.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.20.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.2:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.19.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.19.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.19:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.18.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.18.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.18.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.18:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.17.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.17:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.16.27:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.16:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.15.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.15:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.14.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.14:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.13.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.13:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.12.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.22:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.12:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.11.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.11:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.10:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.1:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.0:-::::::	115

OpenVAS Exploits

Date	Description
2009-03-23	Name : Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-625-1 File : nvt/gb_ubuntu_USN_625_1.nasl
2008-06-11	Name : Debian Security Advisory DSA 1588-1 (linux-2.6) File : nvt/deb_1588_1.nasl
2008-06-11	Name : Debian Security Advisory DSA 1588-2 (linux-2.6) File : nvt/deb_1588_2.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
45764	Linux Kernel sys_sparc.c Unspecified mmap Call Local DoS

Nessus® Vulnerability Scanner

Date	Description
2008-07-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-625-1.nasl - Type : ACT_GATHER_INFO
2008-05-28	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1588.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/29397
CONFIRM	http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
DEBIAN	http://www.debian.org/security/2008/dsa-1588
MLIST	http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604
SECTRACK	http://www.securitytracker.com/id?1020119
SECUNIA	http://secunia.com/advisories/30368 http://secunia.com/advisories/30499 http://secunia.com/advisories/31107
UBUNTU	http://www.ubuntu.com/usn/usn-625-1
VUPEN	http://www.vupen.com/english/advisories/2008/1716/references
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/42681

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:08:43	Multiple Updates
2024-02-01 12:02:39	Multiple Updates
2023-09-05 12:08:07	Multiple Updates
2023-09-05 01:02:30	Multiple Updates
2023-09-02 12:08:13	Multiple Updates
2023-09-02 01:02:31	Multiple Updates
2023-08-12 12:09:39	Multiple Updates
2023-08-12 01:02:31	Multiple Updates
2023-08-11 12:08:18	Multiple Updates
2023-08-11 01:02:36	Multiple Updates
2023-08-06 12:07:55	Multiple Updates
2023-08-06 01:02:32	Multiple Updates
2023-08-04 12:08:01	Multiple Updates
2023-08-04 01:02:35	Multiple Updates
2023-07-14 12:08:00	Multiple Updates
2023-07-14 01:02:32	Multiple Updates
2023-03-29 01:09:02	Multiple Updates
2023-03-28 12:02:38	Multiple Updates
2022-10-11 12:07:06	Multiple Updates
2022-10-11 01:02:22	Multiple Updates
2021-05-04 12:07:29	Multiple Updates
2021-04-22 01:07:53	Multiple Updates
2020-05-23 00:21:40	Multiple Updates
2018-10-31 00:19:51	Multiple Updates
2017-08-08 09:24:05	Multiple Updates
2016-06-28 17:14:34	Multiple Updates
2016-04-26 17:22:56	Multiple Updates
2014-02-17 10:44:53	Multiple Updates
2013-05-11 00:16:44	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	116
Sources(s)	12
osvdb(s)	1
Openvas Exploit(s)	3
Nessus® Exploit(s)	2

	Related
10	USN-625-1
7.8	DSA-1588
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

4.4 - CVE-2008-2137

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU