Lucene search

K

[email protected]CVE-2008-2136

HistoryMay 16, 2008 - 12:54 p.m.

CVE-2008-2136

2008-05-1612:54:00

CWE-399

[email protected]

web.nvd.nist.gov

53

cve-2008-2136

memory leak

ipip6_rcv

linux kernel 2.4

linux kernel 2.6

denial of service

sit tunnel interface

network traffic

nvd

5.7 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.894 High

EPSS

Percentile

98.7%

Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.4.36.5
linux:linux_kernellinux linux kernellt2.6.25.3
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04

References

kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3

lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html

lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html

marc.info/?l=linux-netdev&m=121031533024912&w=2

secunia.com/advisories/30198

secunia.com/advisories/30241

secunia.com/advisories/30276

secunia.com/advisories/30368

secunia.com/advisories/30499

secunia.com/advisories/30818

secunia.com/advisories/30962

secunia.com/advisories/31107

secunia.com/advisories/31198

secunia.com/advisories/31341

secunia.com/advisories/31628

secunia.com/advisories/31689

secunia.com/advisories/33201

secunia.com/advisories/33280

support.avaya.com/elmodocs2/security/ASA-2008-362.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0169

www.debian.org/security/2008/dsa-1588

www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3

www.mandriva.com/security/advisories?name=MDVSA-2008:167

www.mandriva.com/security/advisories?name=MDVSA-2008:174

www.redhat.com/support/errata/RHSA-2008-0585.html

www.redhat.com/support/errata/RHSA-2008-0607.html

www.redhat.com/support/errata/RHSA-2008-0612.html

www.redhat.com/support/errata/RHSA-2008-0787.html

www.redhat.com/support/errata/RHSA-2008-0973.html

www.securityfocus.com/bid/29235

www.securitytracker.com/id?1020118

www.ubuntu.com/usn/usn-625-1

www.vupen.com/english/advisories/2008/1543/references

www.vupen.com/english/advisories/2008/1716/references

exchange.xforce.ibmcloud.com/vulnerabilities/42451

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11038

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6503

www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html

5.7 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.894 High

EPSS

Percentile

98.7%

Related for CVE-2008-2136

openvas33 prion1 nessus26 seebug1 redhat6 centos4 veracode1 checkpoint_advisories1 ubuntucve1 oraclelinux4 fedora1 osv1 securityvulns2 debian2 suse2 ubuntu1 vmware2