Lucene search

[email protected]CVE-2008-1215

HistoryMar 09, 2008 - 2:44 a.m.

CVE-2008-1215

2008-03-0902:44:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-1215

buffer overflow

freebsd

openbsd

netbsd

privilege escalation

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Stack-based buffer overflow in the command_Expand_Interpret function in command.c in ppp (aka user-ppp), as distributed in FreeBSD 6.3 and 7.0, OpenBSD 4.1 and 4.2, and the net/userppp package for NetBSD, allows local users to gain privileges via long commands containing “~” characters.

Affected configurations

NVD

Node

freebsdfreebsdMatch6.3

freebsdfreebsdMatch7.0

netbsdnetbsd

openbsdopenbsdMatch4.1

openbsdopenbsdMatch4.2

CPENameOperatorVersion
freebsd:freebsdfreebsdeq6.3
freebsd:freebsdfreebsdeq7.0
netbsd:netbsdnetbsdeq*
openbsd:openbsdopenbsdeq4.1
openbsd:openbsdopenbsdeq4.2

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	6.3
freebsd:freebsd	freebsd	eq	7.0
netbsd:netbsd	netbsd	eq	*
openbsd:openbsd	openbsd	eq	4.1
openbsd:openbsd	openbsd	eq	4.2

References

secunia.com/advisories/29234

secunia.com/advisories/29238

secunia.com/advisories/29240

www.openbsd.org/errata41.html#014_ppp

www.openbsd.org/errata42.html#009_ppp

www.securityfocus.com/archive/82/488980/30/0/threaded

www.securityfocus.com/archive/82/489031/30/0/threaded

www.securityfocus.com/bid/28090

exchange.xforce.ibmcloud.com/vulnerabilities/41034

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2008-1215

nvd1 cvelist1 prion1