Lucene search

K
ubuntuUbuntuUSN-662-1
HistoryNov 05, 2008 - 12:00 a.m.

Linux kernel vulnerabilities

2008-11-0500:00:00
ubuntu.com
78
linux kernel
ubuntu 8.10
denial of service
filesystems
cve-2008-3528
ndiswrapper
wireless network
arbitrary code
root privileges

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

AI Score

6

Confidence

High

EPSS

0.055

Percentile

93.3%

Releases

  • Ubuntu 8.10

Packages

  • linux -

Details

It was discovered that the Linux kernel could be made to hang temporarily
when mounting corrupted ext2/3 filesystems. If a user were tricked into
mounting a specially crafted filesystem, a remote attacker could cause
system hangs, leading to a denial of service. (CVE-2008-3528)

Anders Kaseorg discovered that ndiswrapper did not correctly handle long
ESSIDs. For a system using ndiswrapper, a physically near-by attacker
could generate specially crafted wireless network traffic and execute
arbitrary code with root privileges. (CVE-2008-4395)

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

AI Score

6

Confidence

High

EPSS

0.055

Percentile

93.3%