Executive Summary

Informations
NameCVE-2008-2365First vendor Publication2008-06-30
VendorCveLast vendor Modification2012-03-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score4.7Attack RangeLocal
Cvss Impact Score6.9Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2365

CWE : Common Weakness Enumeration

idName
CWE-362Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10749
 
Oval ID: oval:org.mitre.oval:def:10749
Title: Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
Description: Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2365
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os153
Os3
Os1

OpenVAS Exploits

DateDescription
2009-03-23Name : Ubuntu Update for linux, linux-source-2.6.15/20/22 vulnerabilities USN-625-1
File : nvt/gb_ubuntu_USN_625_1.nasl
2009-03-06Name : RedHat Update for kernel RHSA-2008:0508-01
File : nvt/gb_RHSA-2008_0508-01_kernel.nasl
2009-02-27Name : CentOS Update for kernel CESA-2008:0508 centos4 i386
File : nvt/gb_CESA-2008_0508_kernel_centos4_i386.nasl
2009-02-27Name : CentOS Update for kernel CESA-2008:0508 centos4 x86_64
File : nvt/gb_CESA-2008_0508_kernel_centos4_x86_64.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
48563Linux Kernel ptrace / utrace Support PTRACE_ATTACH Call Handling Local DoS

Nessus® Vulnerability Scanner

DateDescription
2014-11-26Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2008-2005.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0508.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090114_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080625_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-01-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2008-07-17Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-625-1.nasl - Type : ACT_GATHER_INFO
2008-07-02Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0508.nasl - Type : ACT_GATHER_INFO
2008-07-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0508.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/29945
CONFIRMhttp://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;...
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;...
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commit;...
https://bugzilla.redhat.com/show_bug.cgi?id=449359
MISChttp://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/te...
MLISThttp://marc.info/?l=linux-kernel&m=117863520707703&w=2
http://www.openwall.com/lists/oss-security/2008/06/26/1
http://www.openwall.com/lists/oss-security/2008/07/14/1
REDHAThttp://rhn.redhat.com/errata/RHSA-2008-0508.html
SECTRACKhttp://www.securitytracker.com/id?1020362
SECUNIAhttp://secunia.com/advisories/30850
http://secunia.com/advisories/31107
SREASONhttp://securityreason.com/securityalert/3965
UBUNTUhttp://www.ubuntu.com/usn/usn-625-1
XFhttp://xforce.iss.net/xforce/xfdb/43567

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:45:06
  • Multiple Updates
2013-05-11 00:17:46
  • Multiple Updates