Executive Summary

Informations
Name CVE-2008-4445 First vendor Publication 2008-10-06
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Cvss Base Score 4.7 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4445

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20316
 
Oval ID: oval:org.mitre.oval:def:20316
Title: DSA-1655-1 linux-2.6.24 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data.
Family: unix Class: patch
Reference(s): DSA-1655-1
CVE-2008-1514
CVE-2008-3525
CVE-2008-3831
CVE-2008-4113
CVE-2008-4445
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6.24
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8075
 
Oval ID: oval:org.mitre.oval:def:8075
Title: DSA-1655 linux-2.6.24 -- denial of service/information leak/privilege escalation
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems: Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic. Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations. Olaf Kirch discovered an issue with the i915 driver that may allow local users to cause memory corruption by use of an ioctl with insufficient privilege restrictions. Eugene Teo discovered two issues in the SCTP subsystem which allow local users to obtain access to sensitive memory when the SCTP-AUTH extension is enabled.
Family: unix Class: patch
Reference(s): DSA-1655
CVE-2008-1514
CVE-2008-3525
CVE-2008-3831
CVE-2008-4113
CVE-2008-4445
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): linux-2.6.24
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 998

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for kernel MDVSA-2008:223 (kernel)
File : nvt/gb_mandriva_MDVSA_2008_223.nasl
2009-03-23 Name : Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-659-1
File : nvt/gb_ubuntu_USN_659_1.nasl
2009-03-23 Name : Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-679-1
File : nvt/gb_ubuntu_USN_679_1.nasl
2009-01-23 Name : SuSE Update for kernel SUSE-SA:2008:053
File : nvt/gb_suse_2008_053.nasl
2008-11-01 Name : Debian Security Advisory DSA 1655-1 (linux-2.6.24)
File : nvt/deb_1655_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
48902 Linux Kernel SCTP net/sctp/auth.c sctp_auth_ep_set_hmacs Function Crafted IOC...

Nessus® Vulnerability Scanner

Date Description
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kernel-081022.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-223.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-659-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-679-1.nasl - Type : ACT_GATHER_INFO
2008-10-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1655.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commi...
Source Url
BID http://www.securityfocus.com/bid/31121
CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4
DEBIAN http://www.debian.org/security/2008/dsa-1655
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:223
MLIST http://marc.info/?l=linux-sctp&m=121986743009093&w=2
http://marc.info/?l=linux-sctp&m=121986743209110&w=2
http://www.openwall.com/lists/oss-security/2008/09/24/9
http://www.openwall.com/lists/oss-security/2008/09/26/6
http://www.openwall.com/lists/oss-security/2008/09/27/1
http://www.openwall.com/lists/oss-security/2008/09/29/4
REDHAT http://www.redhat.com/support/errata/RHSA-2008-0857.html
SECTRACK http://www.securitytracker.com/id?1021001
SECUNIA http://secunia.com/advisories/32190
http://secunia.com/advisories/32315
http://secunia.com/advisories/32393
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
UBUNTU http://www.ubuntu.com/usn/usn-659-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Date Informations
2024-02-02 01:09:28
  • Multiple Updates
2024-02-01 12:02:47
  • Multiple Updates
2023-11-07 21:47:49
  • Multiple Updates
2023-09-05 12:08:50
  • Multiple Updates
2023-09-05 01:02:38
  • Multiple Updates
2023-09-02 12:08:57
  • Multiple Updates
2023-09-02 01:02:39
  • Multiple Updates
2023-08-12 12:10:33
  • Multiple Updates
2023-08-12 01:02:39
  • Multiple Updates
2023-08-11 12:08:59
  • Multiple Updates
2023-08-11 01:02:44
  • Multiple Updates
2023-08-06 12:08:36
  • Multiple Updates
2023-08-06 01:02:40
  • Multiple Updates
2023-08-04 12:08:42
  • Multiple Updates
2023-08-04 01:02:43
  • Multiple Updates
2023-07-14 12:08:41
  • Multiple Updates
2023-07-14 01:02:40
  • Multiple Updates
2023-03-29 01:09:53
  • Multiple Updates
2023-03-28 12:02:47
  • Multiple Updates
2022-10-11 12:07:42
  • Multiple Updates
2022-10-11 01:02:30
  • Multiple Updates
2022-03-11 01:06:32
  • Multiple Updates
2021-05-04 12:08:09
  • Multiple Updates
2021-04-22 01:08:30
  • Multiple Updates
2020-08-08 01:03:45
  • Multiple Updates
2020-07-30 01:03:55
  • Multiple Updates
2020-05-24 01:04:51
  • Multiple Updates
2020-05-23 00:22:22
  • Multiple Updates
2019-01-25 12:02:29
  • Multiple Updates
2018-10-30 12:02:38
  • Multiple Updates
2016-08-05 12:01:51
  • Multiple Updates
2016-06-29 00:01:28
  • Multiple Updates
2016-06-28 17:18:57
  • Multiple Updates
2016-04-26 17:53:35
  • Multiple Updates
2014-02-17 10:46:52
  • Multiple Updates
2013-05-11 00:27:48
  • Multiple Updates