Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-4445
HistoryOct 06, 2008 - 12:00 a.m.

CVE-2008-4445

2008-10-0600:00:00
ubuntu.com
ubuntu.com
11

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

9.3%

JSON

The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream
Control Transmission Protocol (sctp) implementation in the Linux kernel
before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify
that the identifier index is within the bounds established by
SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive
information via a crafted SCTP_HMAC_IDENT IOCTL request involving the
sctp_getsockopt function, a different vulnerability than CVE-2008-4113.

Notes

Author Note
kees The linked patch fixes this and CVE-2008-4113
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-21.43UNKNOWN

Related

cve 2
prion 2
openvas 7
veracode 2
securityvulns 2
osv 1
nessus 4
debian 1
seebug 2
ubuntucve 1
exploitpack 1
exploitdb 1
redhat 1
suse 1
ubuntu 1
cve
cve
CVE-2008-4445
2008-10-06 19:54:00
CVE-2008-4113
2008-09-16 23:00:00
prion
prion
Design/Logic Flaw
2008-10-06 19:54:00
Design/Logic Flaw
2008-09-16 23:00:00
openvas
openvas
Debian: Security Advisory (DSA-1655-1)
2008-11-01 00:00:00
Debian Security Advisory DSA 1655-1 (linux-2.6.24)
2008-11-01 00:00:00
Mandriva Update for kernel MDVSA-2008:223 (kernel)
2009-04-09 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:34:22
Information Disclosure
2020-04-10 00:34:22
securityvulns
securityvulns
[SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities
2008-10-18 00:00:00
Linux kernel multiple security vulnerabilities
2008-10-18 00:00:00
osv
osv
linux-2.6.24 - several vulnerabilities
2008-10-16 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : kernel (MDVSA-2008:223)
2009-04-23 00:00:00
Debian DSA-1655-1 : linux-2.6.24 - denial of service/information leak/privilege escalation
2008-10-20 00:00:00
openSUSE Security Update : kernel (kernel-270)
2009-07-21 00:00:00
debian
debian
[SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities
2008-10-17 00:19:48
seebug
seebug
Linux Kernel &lt; 2.6.26.4 SCTP Kernel Memory Disclosure Exploit
2008-12-30 00:00:00
Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure Exploit
2014-07-01 00:00:00
ubuntucve
ubuntucve
CVE-2008-4113
2008-09-16 00:00:00
exploitpack
exploitpack
Linux Kernel 2.6.26.4 - SCTP Kernel Memory Disclosure
2008-12-29 00:00:00
exploitdb
exploitdb
Linux Kernel &lt; 2.6.26.4 - SCTP Kernel Memory Disclosure
2008-12-29 00:00:00
redhat
redhat
(RHSA-2008:0857) Important: kernel security and bug fix update
2008-10-07 00:00:00
suse
suse
remote denial of service in kernel
2008-10-27 17:50:21
ubuntu
ubuntu
Linux kernel vulnerabilities
2008-10-27 00:00:00

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

9.3%

JSON
Related for UB:CVE-2008-4445
cve2prion2openvas7veracode2securityvulns2osv1nessus4debian1seebug2ubuntucve1exploitpack1exploitdb1redhat1suse1ubuntu1