CVE-2008-2365

Executive Summary

Informations
Name	CVE-2008-2365	First vendor Publication	2008-06-30
Vendor	Cve	Last vendor Modification	2012-03-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score	4.7	Attack Range	Local
Cvss Impact Score	6.9	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2365

CWE : Common Weakness Enumeration

id	Name
CWE-362	Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10749

Oval ID:	oval:org.mitre.oval:def:10749
Title:	Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
Description:	Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-2365	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-xenU is earlier than 0:2.6.9-67.0.20.EL AND kernel-hugemem is earlier than 0:2.6.9-67.0.20.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-67.0.20.EL AND kernel-xenU-devel is earlier than 0:2.6.9-67.0.20.EL AND kernel-smp-devel is earlier than 0:2.6.9-67.0.20.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-67.0.20.EL AND kernel is earlier than 0:2.6.9-67.0.20.EL AND kernel-devel is earlier than 0:2.6.9-67.0.20.EL AND kernel-doc is earlier than 0:2.6.9-67.0.20.EL AND kernel-largesmp is earlier than 0:2.6.9-67.0.20.EL AND kernel-smp is earlier than 0:2.6.9-67.0.20.EL

CPE : Common Platform Enumeration

Type	Description	Count
Os	Linux Linux Kernel cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.25.5 cpe:/o:linux:linux_kernel:2.6.25.4 cpe:/o:linux:linux_kernel:2.6.25.3 cpe:/o:linux:linux_kernel:2.6.25.2 cpe:/o:linux:linux_kernel:2.6.25.1 cpe:/o:linux:linux_kernel:2.6.25 cpe:/o:linux:linux_kernel:2.6.24.6 cpe:/o:linux:linux_kernel:2.6.24.2 cpe:/o:linux:linux_kernel:2.6.24.1 cpe:/o:linux:linux_kernel:2.6.24_rc5 cpe:/o:linux:linux_kernel:2.6.24_rc4 cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.24 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.23_rc1 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.22.17 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.21:rc4 cpe:/o:linux:linux_kernel:2.6.21:rc3 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.21:rc6 cpe:/o:linux:linux_kernel:2.6.21:rc5 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.19.0 cpe:/o:linux:linux_kernel:2.6.19:rc1 cpe:/o:linux:linux_kernel:2.6.19:rc2 cpe:/o:linux:linux_kernel:2.6.19:rc4 cpe:/o:linux:linux_kernel:2.6.19:rc3 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.11 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15:rc2 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.13:rc7 cpe:/o:linux:linux_kernel:2.6.13:rc1 cpe:/o:linux:linux_kernel:2.6.13:rc4 cpe:/o:linux:linux_kernel:2.6.13:rc6 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.22 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.12 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.12:rc5 cpe:/o:linux:linux_kernel:2.6.12:rc1 cpe:/o:linux:linux_kernel:2.6.12:rc4 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11:rc4 cpe:/o:linux:linux_kernel:2.6.11:rc3 cpe:/o:linux:linux_kernel:2.6.11:rc2 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.10:rc2 cpe:/o:linux:linux_kernel:2.6.10	153
Os	Redhat Enterprise Linux cpe:/o:redhat:enterprise_linux:4.0::ws cpe:/o:redhat:enterprise_linux:4.0::es cpe:/o:redhat:enterprise_linux:4.0::as	3
Os	Redhat Enterprise Linux Desktop cpe:/o:redhat:enterprise_linux_desktop:4.0	1

Open Source Vulnerability Database (OSVDB)

id	Description
48563	Linux Kernel ptrace / utrace Support PTRACE_ATTACH Call Handling Local DoS

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/29945
CONFIRM	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;... http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;... http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;... https://bugzilla.redhat.com/show_bug.cgi?id=449359
MISC	http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/te...
MLIST	http://marc.info/?l=linux-kernel&m=117863520707703&w=2 http://www.openwall.com/lists/oss-security/2008/06/26/1 http://www.openwall.com/lists/oss-security/2008/07/14/1
REDHAT	http://rhn.redhat.com/errata/RHSA-2008-0508.html
SECTRACK	http://www.securitytracker.com/id?1020362
SECUNIA	http://secunia.com/advisories/30850 http://secunia.com/advisories/31107
SREASON	http://securityreason.com/securityalert/3965
UBUNTU	http://www.ubuntu.com/usn/usn-625-1
XF	http://xforce.iss.net/xforce/xfdb/43567

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:17:46	Multiple Updates

Related	Severity
USN-625-1	(Critical)
RHSA-2008:0508	(High)

Same Subject	Severity
Login to view 17 more Alert(s)

Copyright Security-Database 2006-2013 - Powered by themself ;) in 0.0397s

Facebook rss twitter linkedin mail