Executive Summary

Informations
Name CVE-2008-5300 First vendor Publication 2008-12-01
Vendor Cve Last vendor Modification 2018-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10283
 
Oval ID: oval:org.mitre.oval:def:10283
Title: Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
Description: Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5300
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11427
 
Oval ID: oval:org.mitre.oval:def:11427
Title: Service Console update for COS kernel
Description: Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5300
Version: 3
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19922
 
Oval ID: oval:org.mitre.oval:def:19922
Title: DSA-1681-1 linux-2.6.24 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-1681-1
CVE-2008-3528
CVE-2008-4554
CVE-2008-4576
CVE-2008-4618
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5029
CVE-2008-5134
CVE-2008-5182
CVE-2008-5300
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19979
 
Oval ID: oval:org.mitre.oval:def:19979
Title: DSA-1687-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-1687-1
CVE-2008-3527
CVE-2008-3528
CVE-2008-4554
CVE-2008-4576
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5029
CVE-2008-5079
CVE-2008-5182
CVE-2008-5300
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): fai-kernels
linux-2.6
user-mode-linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21793
 
Oval ID: oval:org.mitre.oval:def:21793
Title: ELSA-2009:0225: Oracle Linux 5.x.3 kernel security and bug fix update (Important)
Description: Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
Family: unix Class: patch
Reference(s): ELSA-2009:0225-03
CVE-2008-5029
CVE-2008-5079
CVE-2008-5182
CVE-2008-5300
Version: 21
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29343
 
Oval ID: oval:org.mitre.oval:def:29343
Title: RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update (Important)
Description: Updated kernel packages that fix three security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the third regular update. This update has been rated as having important security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:0225
CVE-2008-5029
CVE-2008-5079
CVE-2008-5182
CVE-2008-5300
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7980
 
Oval ID: oval:org.mitre.oval:def:7980
Title: DSA-1681 linux-2.6.24 -- denial of service/privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to output error messages in an infinite loop. Milos Szeredi reported that the usage of splice() on files opened with O_APPEND allows users to write to the file at arbitrary offsets, enabling a bypass of possible assumed semantics of the O_APPEND flag. Vlad Yasevich reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel oops. Wei Yongjun reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel panic. Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to overrun a buffer, resulting in a system oops or memory corruption. Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that results in a kernel oops due to an unchecked return value. Eric Sesterhenn reported a local DoS issue in the hfs filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a filesystem with a corrupted catalog name length, resulting in a system oops or memory corruption. Andrea Bittau reported a DoS issue in the unix socket subsystem that allows a local user to cause memory corruption, resulting in a kernel panic. Johannes Berg reported a remote DoS issue in the libertas wireless driver, which can be triggered by a specially crafted beacon/probe response. Al Viro reported race conditions in the inotify subsystem that may allow local users to acquire elevated privileges. Dann Frazier reported a DoS condition that allows local users to cause the out of memory handler to kill off privileged processes or trigger soft lockups due to a starvation issue in the unix socket subsystem.
Family: unix Class: patch
Reference(s): DSA-1681
CVE-2008-3528
CVE-2008-4554
CVE-2008-4576
CVE-2008-4618
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5029
CVE-2008-5134
CVE-2008-5182
CVE-2008-5300
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8144
 
Oval ID: oval:org.mitre.oval:def:8144
Title: DSA-1687 linux-2.6 -- denial of service/privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: Tavis Ormandy reported a local DoS and potential privilege escalation in the Virtual Dynamic Shared Objects (vDSO) implementation. Eugene Teo reported a local DoS issue in the ext2 and ext3 filesystems. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to output error messages in an infinite loop. Milos Szeredi reported that the usage of splice() on files opened with O_APPEND allows users to write to the file at arbitrary offsets, enabling a bypass of possible assumed semantics of the O_APPEND flag. Vlad Yasevich reported an issue in the SCTP subsystem that may allow remote users to cause a local DoS by triggering a kernel oops. Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that causes the kernel to overrun a buffer, resulting in a system oops or memory corruption. Eric Sesterhenn reported a local DoS issue in the hfsplus filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a corrupted filesystem that results in a kernel oops due to an unchecked return value. Eric Sesterhenn reported a local DoS issue in the hfs filesystem. Local users who have been granted the privileges necessary to mount a filesystem would be able to craft a filesystem with a corrupted catalog name length, resulting in a system oops or memory corruption. Andrea Bittau reported a DoS issue in the unix socket subsystem that allows a local user to cause memory corruption, resulting in a kernel panic. Hugo Dias reported a DoS condition in the ATM subsystem that can be triggered by a local user by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc. Al Viro reported race conditions in the inotify subsystem that may allow local users to acquire elevated privileges. Dann Frazier reported a DoS condition that allows local users to cause the out of memory handler to kill off privileged processes or trigger soft lockups due to a starvation issue in the unix socket subsystem.
Family: unix Class: patch
Reference(s): DSA-1687
CVE-2008-3527
CVE-2008-3528
CVE-2008-4554
CVE-2008-4576
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5029
CVE-2008-5079
CVE-2008-5182
CVE-2008-5300
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): linux-2.6
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 6

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kernel CESA-2009:0014 centos4 i386
File : nvt/gb_CESA-2009_0014_kernel_centos4_i386.nasl
2011-08-09 Name : CentOS Update for kernel CESA-2009:1550 centos3 i386
File : nvt/gb_CESA-2009_1550_kernel_centos3_i386.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1550
File : nvt/RHSA_2009_1550.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1550 (kernel)
File : nvt/ovcesa2009_1550.nasl
2009-03-02 Name : RedHat Security Advisory RHSA-2009:0021
File : nvt/RHSA_2009_0021.nasl
2009-02-13 Name : Fedora Update for kernel FEDORA-2008-11593
File : nvt/gb_fedora_2008_11593_kernel_fc10.nasl
2009-02-13 Name : Fedora Update for kernel FEDORA-2008-11618
File : nvt/gb_fedora_2008_11618_kernel_fc9.nasl
2009-02-10 Name : RedHat Security Advisory RHSA-2009:0053
File : nvt/RHSA_2009_0053.nasl
2009-02-02 Name : Mandrake Security Advisory MDVSA-2009:032 (kernel)
File : nvt/mdksa_2009_032.nasl
2009-02-02 Name : Ubuntu USN-715-1 (linux)
File : nvt/ubuntu_715_1.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0014
File : nvt/RHSA_2009_0014.nasl
2009-01-20 Name : CentOS Security Advisory CESA-2009:0014 (kernel)
File : nvt/ovcesa2009_0014.nasl
2009-01-20 Name : SuSE Security Advisory SUSE-SA:2009:003 (kernel-debug)
File : nvt/suse_sa_2009_003.nasl
2008-12-23 Name : Debian Security Advisory DSA 1687-1 (linux-2.6)
File : nvt/deb_1687_1.nasl
2008-12-10 Name : Debian Security Advisory DSA 1681-1 (linux-2.6.24)
File : nvt/deb_1681_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50272 Linux Kernel sendmsg() Socket Operation Garbage Collector Local DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0021.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091103_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090114_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-06-28 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0010.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1550.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-090114.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-032.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11593.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-714-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-715-1.nasl - Type : ACT_GATHER_INFO
2009-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0225.nasl - Type : ACT_GATHER_INFO
2009-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2008-12-26 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11618.nasl - Type : ACT_GATHER_INFO
2008-12-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1687.nasl - Type : ACT_GATHER_INFO
2008-12-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1681.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/32516
BUGTRAQ http://www.securityfocus.com/archive/1/499044/100/0/threaded
http://www.securityfocus.com/archive/1/512019/100/0/threaded
CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332
https://bugzilla.redhat.com/show_bug.cgi?id=470201
https://issues.rpath.com/browse/RPL-2915
DEBIAN http://www.debian.org/security/2008/dsa-1681
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-December/msg0135...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:032
MLIST http://marc.info/?l=linux-netdev&m=122721862313564&w=2
http://marc.info/?l=linux-netdev&m=122765505415944&w=2
OSVDB http://osvdb.org/50272
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2009-0014.html
http://www.redhat.com/support/errata/RHSA-2009-0053.html
https://rhn.redhat.com/errata/RHSA-2009-1550.html
SECUNIA http://secunia.com/advisories/32913
http://secunia.com/advisories/32998
http://secunia.com/advisories/33083
http://secunia.com/advisories/33348
http://secunia.com/advisories/33556
http://secunia.com/advisories/33706
http://secunia.com/advisories/33756
http://secunia.com/advisories/33854
SREASON http://securityreason.com/securityalert/4673
UBUNTU http://www.ubuntu.com/usn/usn-715-1
https://usn.ubuntu.com/714-1/
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46943

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Date Informations
2024-02-02 01:09:47
  • Multiple Updates
2024-02-01 12:02:50
  • Multiple Updates
2023-09-05 12:09:08
  • Multiple Updates
2023-09-05 01:02:42
  • Multiple Updates
2023-09-02 12:09:14
  • Multiple Updates
2023-09-02 01:02:43
  • Multiple Updates
2023-08-12 12:10:51
  • Multiple Updates
2023-08-12 01:02:42
  • Multiple Updates
2023-08-11 12:09:17
  • Multiple Updates
2023-08-11 01:02:48
  • Multiple Updates
2023-08-06 12:08:54
  • Multiple Updates
2023-08-06 01:02:44
  • Multiple Updates
2023-08-04 12:08:59
  • Multiple Updates
2023-08-04 01:02:47
  • Multiple Updates
2023-07-14 12:08:58
  • Multiple Updates
2023-07-14 01:02:44
  • Multiple Updates
2023-03-29 01:10:12
  • Multiple Updates
2023-03-28 12:02:50
  • Multiple Updates
2022-10-11 12:07:57
  • Multiple Updates
2022-10-11 01:02:33
  • Multiple Updates
2021-05-04 12:08:26
  • Multiple Updates
2021-04-22 01:08:47
  • Multiple Updates
2020-05-23 00:22:39
  • Multiple Updates
2018-10-12 00:20:30
  • Multiple Updates
2018-10-04 00:19:33
  • Multiple Updates
2017-09-29 09:23:50
  • Multiple Updates
2017-08-08 09:24:32
  • Multiple Updates
2016-06-28 17:21:39
  • Multiple Updates
2016-04-26 18:04:39
  • Multiple Updates
2014-02-17 10:47:26
  • Multiple Updates
2013-05-11 00:31:34
  • Multiple Updates