Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-4113
HistorySep 16, 2008 - 12:00 a.m.

CVE-2008-4113

2008-09-1600:00:00
ubuntu.com
ubuntu.com
13

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

9.7%

JSON

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an
untrusted length value to limit copying of data from kernel memory, which
allows local users to obtain sensitive information via a crafted
SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-21.43UNKNOWN

Related

seebug 2
prion 2
cve 2
exploitpack 1
veracode 1
exploitdb 1
ubuntucve 1
openvas 7
nessus 4
securityvulns 2
osv 1
debian 1
redhat 1
suse 1
ubuntu 1
seebug
seebug
Linux Kernel &lt; 2.6.26.4 SCTP Kernel Memory Disclosure Exploit
2008-12-30 00:00:00
Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure Exploit
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2008-09-16 23:00:00
Design/Logic Flaw
2008-10-06 19:54:00
cve
cve
CVE-2008-4113
2008-09-16 23:00:00
CVE-2008-4445
2008-10-06 19:54:00
exploitpack
exploitpack
Linux Kernel 2.6.26.4 - SCTP Kernel Memory Disclosure
2008-12-29 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:34:22
exploitdb
exploitdb
Linux Kernel &lt; 2.6.26.4 - SCTP Kernel Memory Disclosure
2008-12-29 00:00:00
ubuntucve
ubuntucve
CVE-2008-4445
2008-10-06 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1655-1)
2008-11-01 00:00:00
Mandriva Update for kernel MDVSA-2008:223 (kernel)
2009-04-09 00:00:00
Mandriva Update for kernel MDVSA-2008:223 (kernel)
2009-04-09 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : kernel (MDVSA-2008:223)
2009-04-23 00:00:00
Debian DSA-1655-1 : linux-2.6.24 - denial of service/information leak/privilege escalation
2008-10-20 00:00:00
openSUSE Security Update : kernel (kernel-270)
2009-07-21 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities
2008-10-18 00:00:00
Linux kernel multiple security vulnerabilities
2008-10-18 00:00:00
osv
osv
linux-2.6.24 - several vulnerabilities
2008-10-16 00:00:00
debian
debian
[SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities
2008-10-17 00:27:15
redhat
redhat
(RHSA-2008:0857) Important: kernel security and bug fix update
2008-10-07 00:00:00
suse
suse
remote denial of service in kernel
2008-10-27 17:50:21
ubuntu
ubuntu
Linux kernel vulnerabilities
2008-10-27 00:00:00

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

9.7%

JSON
Related for UB:CVE-2008-4113
seebug2prion2cve2exploitpack1veracode1exploitdb1ubuntucve1openvas7nessus4securityvulns2osv1debian1redhat1suse1ubuntu1