9.3 - CVE-2008-3915

Executive Summary

Informations
Name	CVE-2008-3915	First vendor Publication	2008-09-10
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3915

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17322

Oval ID:	oval:org.mitre.oval:def:17322
Title:	USN-659-1 -- linux, linux-source-2.6.15/22 vulnerabilities
Description:	It was discovered that the direct-IO subsystem did not correctly validate certain structures.
Family:	unix	Class:	patch
Reference(s):	USN-659-1 CVE-2007-6716 CVE-2008-2372 CVE-2008-3276 CVE-2008-3525 CVE-2008-3526 CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-4113 CVE-2008-4445 CVE-2008-3831 CVE-2008-3915	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04	Product(s):	linux linux-source-2.6.15 linux-source-2.6.22
Definition Synopsis:
Release section Ubuntu 6.06 is installed Packages match section linux-image-2.6.15-52-386 DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-686 DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-amd64-generic DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-amd64-k8 DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-amd64-server DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-amd64-xeon DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-hppa32 DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-hppa32-smp DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-hppa64 DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-hppa64-smp DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-itanium DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-itanium-smp DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-k7 DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-mckinley DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-mckinley-smp DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-powerpc DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-powerpc-smp DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-powerpc64-smp DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-server DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-server-bigiron DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-sparc64 DPKG is earlier than 2.6.15-52.73 AND linux-image-2.6.15-52-sparc64-smp DPKG is earlier than 2.6.15-52.73 AND Release section Ubuntu 7.10 is installed Packages match section linux-image-2.6.22-15-386 DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-cell DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-generic DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-hppa32 DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-hppa64 DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-itanium DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-lpia DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-lpiacompat DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-mckinley DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-powerpc DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-powerpc-smp DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-powerpc64-smp DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-rt DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-server DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-sparc64 DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-sparc64-smp DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-ume DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-virtual DPKG is earlier than 2.6.22-15.59 AND linux-image-2.6.22-15-xen DPKG is earlier than 2.6.22-15.59 AND Release section Ubuntu 8.04 is installed Packages match section linux-image-2.6.24-21-386 DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-generic DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-hppa32 DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-hppa64 DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-itanium DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-lpia DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-lpiacompat DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-mckinley DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-openvz DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-powerpc DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-powerpc-smp DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-powerpc64-smp DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-rt DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-server DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-sparc64 DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-sparc64-smp DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-virtual DPKG is earlier than 2.6.24-21.43 AND linux-image-2.6.24-21-xen DPKG is earlier than 2.6.24-21.43

Definition Id: oval:org.mitre.oval:def:18712

Oval ID:	oval:org.mitre.oval:def:18712
Title:	DSA-1636-1 linux-2.6.24 - several vulnerabilities
Description:	Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data.
Family:	unix	Class:	patch
Reference(s):	DSA-1636-1 CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526 CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	linux-2.6.24
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND linux-2.6.24 DPKG is earlier than 2.6.24-6~etchnhalf.5

Definition Id: oval:org.mitre.oval:def:8234

Oval ID:	oval:org.mitre.oval:def:8234
Title:	DSA-1636 linux-2.6.24 -- denial of service/information leak
Description:	Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems: Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information. Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service. Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic. Eugene Teo reported a missing bounds check in the SCTP subsystem. By exploiting an integer overflow in the SCTP_AUTH_KEY handling code, remote attackers may be able to cause a denial of service in the form of a kernel panic. Kel Modderman reported an issue in the tmpfs filesystem that allows local users to crash a system by triggering a kernel BUG() assertion. Alexey Dobriyan discovered an off-by-one-error in the iov_iter_advance function which can be exploited by local users to crash a system, resulting in a denial of service. Vlad Yasevich reported several NULL pointer reference conditions in the SCTP subsystem that can be triggered by entering sctp-auth codepaths when the AUTH feature is inactive. This may allow attackers to cause a denial of service condition via a system panic. Johann Dahm and David Richter reported an issue in the nfsd subsystem that may allow remote attackers to cause a denial of service via a buffer overflow.
Family:	unix	Class:	patch
Reference(s):	DSA-1636 CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526 CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	linux-2.6.24
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section linux-patch-debian-2.6.24 is earlier than 2.6.24-6~etchnhalf.5 AND linux-support-2.6.24-etchnhalf.1 is earlier than 2.6.24-6~etchnhalf.5 AND linux-doc-2.6.24 is earlier than 2.6.24-6~etchnhalf.5 AND linux-tree-2.6.24 is earlier than 2.6.24-6~etchnhalf.5 AND linux-source-2.6.24 is earlier than 2.6.24-6~etchnhalf.5 AND linux-manual-2.6.24 is earlier than 2.6.24-6~etchnhalf.5 OR Architecture dependent section Installed architecture is s390 AND Packages section linux-image-2.6.24-etchnhalf.1-s390x is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-s390 is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-all-s390 is earlier than 2.6.24-6~etchnhalf.5 AND linux-image-2.6.24-etchnhalf.1-s390 is earlier than 2.6.24-6~etchnhalf.5 AND linux-image-2.6.24-etchnhalf.1-s390-tape is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-all is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-common is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-s390x is earlier than 2.6.24-6~etchnhalf.5 OR Architecture dependent section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Packages section linux-headers-2.6.24-etchnhalf.1-amd64 is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-common is earlier than 2.6.24-6~etchnhalf.5 AND linux-image-2.6.24-etchnhalf.1-amd64 is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-all is earlier than 2.6.24-6~etchnhalf.5 OR Supported platform section Installed architecture is hppa AND Packages section linux-image-2.6.24-etchnhalf.1-parisc64 is earlier than 2.6.24-6~etchnhalf.5 AND linux-image-2.6.24-etchnhalf.1-parisc-smp is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-parisc-smp is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-parisc64 is earlier than 2.6.24-6~etchnhalf.5 AND linux-image-2.6.24-etchnhalf.1-parisc is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-all-hppa is earlier than 2.6.24-6~etchnhalf.5 AND linux-image-2.6.24-etchnhalf.1-parisc64-smp is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-parisc64-smp is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-all is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-common is earlier than 2.6.24-6~etchnhalf.5 AND linux-headers-2.6.24-etchnhalf.1-parisc is earlier than 2.6.24-6~etchnhalf.5

CPE : Common Platform Enumeration

Type	Description	Count
Os	Linux Linux Kernel cpe:2.3:o:linux:linux_kernel:2.6.25.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.25:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.24.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24.3:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24.1:::::::* cpe:2.3:o:linux:linux_kernel:2.6.24:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.23.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.17:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.16:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.23:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.22.9:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.8:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.22:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.21:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.20:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.2:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.19:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.18:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.17:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.15:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.14:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.13:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.12:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.11:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22.10:::::::* cpe:2.3:o:linux:linux_kernel:2.6.22:-:::::: cpe:2.3:o:linux:linux_kernel:2.6.21.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.6:::::::* cpe:2.3:o:linux:linux_kernel:2.6.21.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.21:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.20:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.19:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.18:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.17:::::::* cpe:2.3:o:linux:linux_kernel:2.6.20.16:::::::* cpe:2.3:o:linux:linux_kernel:2.6.19.7:::::::* cpe:2.3:o:linux:linux_kernel:2.6.19.5:::::::* cpe:2.3:o:linux:linux_kernel:2.6.19.4:::::::* cpe:2.3:o:linux:linux_kernel:2.6.18:-::::::	63

OpenVAS Exploits

Date	Description
2009-03-23	Name : Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-659-1 File : nvt/gb_ubuntu_USN_659_1.nasl
2009-03-23	Name : Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-679-1 File : nvt/gb_ubuntu_USN_679_1.nasl
2008-09-17	Name : Debian Security Advisory DSA 1636-1 (linux-2.6.24) File : nvt/deb_1636_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
48470	Linux Kernel nfsd NFSv4 ACL Decoding Remote Overflow

Snort® IPS/IDS

Date	Description
2014-01-10	Linux Kernel NFSD Subsystem overflow attempt RuleID : 16352 - Revision : 7 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date	Description
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-659-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-679-1.nasl - Type : ACT_GATHER_INFO
2008-09-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1636.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3...

Source	Url
BID	http://www.securityfocus.com/bid/31133
CONFIRM	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4 https://bugzilla.redhat.com/show_bug.cgi?id=461101
DEBIAN	http://www.debian.org/security/2008/dsa-1636
MLIST	http://lkml.org/lkml/2008/9/3/286 http://www.openwall.com/lists/oss-security/2008/09/04/18 http://www.openwall.com/lists/oss-security/2008/09/04/4
REDHAT	http://www.redhat.com/support/errata/RHSA-2008-0857.html
SECUNIA	http://secunia.com/advisories/31881 http://secunia.com/advisories/32190 http://secunia.com/advisories/32393
UBUNTU	http://www.ubuntu.com/usn/usn-659-1
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/45055

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:09:18	Multiple Updates
2024-02-01 12:02:45	Multiple Updates
2023-11-07 21:47:49	Multiple Updates
2023-09-05 12:08:40	Multiple Updates
2023-09-05 01:02:36	Multiple Updates
2023-09-02 12:08:47	Multiple Updates
2023-09-02 01:02:37	Multiple Updates
2023-08-12 12:10:22	Multiple Updates
2023-08-12 01:02:37	Multiple Updates
2023-08-11 12:08:49	Multiple Updates
2023-08-11 01:02:42	Multiple Updates
2023-08-06 12:08:27	Multiple Updates
2023-08-06 01:02:38	Multiple Updates
2023-08-04 12:08:32	Multiple Updates
2023-08-04 01:02:41	Multiple Updates
2023-07-14 12:08:31	Multiple Updates
2023-07-14 01:02:38	Multiple Updates
2023-03-29 01:09:43	Multiple Updates
2023-03-28 12:02:44	Multiple Updates
2022-10-11 12:07:34	Multiple Updates
2022-10-11 01:02:28	Multiple Updates
2021-05-04 12:08:00	Multiple Updates
2021-04-22 01:08:21	Multiple Updates
2020-05-23 00:22:12	Multiple Updates
2017-08-08 09:24:21	Multiple Updates
2016-04-26 17:47:34	Multiple Updates
2014-02-17 10:46:22	Multiple Updates
2014-01-19 21:25:12	Multiple Updates
2013-05-11 00:25:01	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	63
Sources(s)	14
osvdb(s)	1
Openvas Exploit(s)	3
Snort® Rule(s)	1
Nessus® Exploit(s)	3

	Related
9.3	USN-659-1
9.3	RHSA-2008:0857
9.3	DSA-1636
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

9.3 - CVE-2008-3915

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU