Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-3525
HistorySep 03, 2008 - 12:00 a.m.

CVE-2008-3525

2008-09-0300:00:00
ubuntu.com
ubuntu.com
16

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in
the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability
before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3)
SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local
users to bypass intended capability restrictions.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-21.43UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-52.73UNKNOWN
ubuntu7.10noarchlinux-source-2.6.22< 2.6.22-15.59UNKNOWN

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%