Lucene search

[email protected]CVE-2008-0384

HistoryJan 22, 2008 - 8:00 p.m.

CVE-2008-0384

2008-01-2220:00:00

[email protected]

web.nvd.nist.gov

openbsd

4.2

local denial of service

vulnerability

kernel panic

siocgifrtlabel

ioctl

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.

Affected configurations

NVD

Node

openbsdopenbsdMatch4.2

CPENameOperatorVersion
openbsd:openbsdopenbsdeq4.2

CPE	Name	Operator	Version
openbsd:openbsd	openbsd	eq	4.2

References

marc.info/?l=openbsd-security-announce&m=120007327504064

secunia.com/advisories/28473

www.openbsd.org/errata42.html#005_ifrtlabel

www.securityfocus.com/bid/27252

www.securitytracker.com/id?1019188

www.exploit-db.com/exploits/4935

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2008-0384

cvelist1 prion1 nvd1