CVE-2008-3527

{"id": "CVE-2008-3527", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-11-05T15:00:14.147", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d91d531900bfa1165d445390b3b13a8013f98f7", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32485", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/32759", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/33180", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2008/dsa-1687", "source": "secalert@redhat.com"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1021137", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460251", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions."}, {"lang": "es", "value": "arch/i386/kernel/sysenter.c en la implementaci\u00f3n Virtual Dynamic Shared Objects (vDSO) para el kernel de Linux anterior a v2.6.21, no comprueba de forma adecuada los l\u00edmites; esto permite a usuarios locales ganar privilegios o provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados. Est\u00e1 relacionado con las funciones install_special_mapping, syscall y syscall32_nopage."}], "lastModified": "2023-02-13T02:19:24.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "455AF113-2E2D-46F2-8F92-C21E06E5B39F", "versionEndIncluding": "2.6.20.21"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43F9DBB0-8AF7-42CA-95DD-68A344E9D549"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA39D4CE-22F0-46A2-B8CF-4599675E7D3A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDD00664-A27C-4514-A2A4-079E8F9B0251"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E336C792-B7A1-4318-8050-DE9F03474CEF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7228AE50-BACB-4AB8-9CE5-17DB0CD661AF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D260FD-E55E-4A95-AB7F-B880DBE37BAD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E36D0159-1A05-4628-9C1C-360DED0F438C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E6654B9-42EB-4C2C-8F71-710D50556180"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1817C772-D367-4ABE-B835-466D31A6DC89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C667B8E4-64EB-4A05-84FF-B2243DEF757D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9484B41A-DFB6-4481-80D8-440C711CEA53"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D373AF-DE6B-428E-9F0F-F1D220900A4D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2975DF7-F916-456C-BF7C-2694559E5282"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "784EB96E-2FD3-4F77-8DB6-4D6C7A928946"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "469EE3B0-3CC2-4AC2-86A0-2DF34205E707"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EC547EB-9308-4477-8256-A0E04B42D6DA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F55A024-9F8E-44F8-A0D8-696BC232524A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84595143-3B04-4CE8-81C0-28EEEC58CD0E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EE2B49-DDEB-4B49-A5F0-CAA161095A5F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3ABFA33-8FA1-488E-A9BD-1593F495F595"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62F6DE3A-E6CC-4D7E-BD08-E43DC4182200"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.\n\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html", "lastModified": "2009-01-15T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}