Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-5029
HistoryNov 10, 2008 - 12:00 a.m.

CVE-2008-5029

2008-11-1000:00:00
ubuntu.com
ubuntu.com
19

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

0

Percentile

10.1%

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4,
2.6.26, and earlier makes indirect recursive calls to itself through calls
to the fput function, which allows local users to cause a denial of service
(panic) via vectors related to sending an SCM_RIGHTS message through a UNIX
domain socket and closing file descriptors.

Notes

Author Note
kees raised priority due to public PoC
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-22.45UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-9.19UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-53.74UNKNOWN
ubuntu7.10noarchlinux-source-2.6.22< 2.6.22-16.60UNKNOWN

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

0

Percentile

10.1%