CVE-2008-1675

Sažetak

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.

Reference

http://marc.info/?l=linux-kernel&m=120949204519706&w=2
http://marc.info/?l=linux-kernel&m=120949204619718&w=2
http://marc.info/?l=linux-kernel&m=120949582428998&w=2
http://secunia.com/advisories/30017
http://secunia.com/advisories/30044
http://secunia.com/advisories/30260
http://secunia.com/advisories/30515
http://wiki.rpath.com/Advisories:rPSA-2008-0157
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:109
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
http://www.securityfocus.com/archive/1/491566/100/0/threaded
http://www.securityfocus.com/archive/1/491732/100/0/threaded
http://www.securityfocus.com/bid/29014
http://www.securitytracker.com/id?1019960
http://www.vupen.com/english/advisories/2008/1406/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42132
https://issues.rpath.com/browse/RPL-2501
https://usn.ubuntu.com/614-1/
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2018 - 20:36

Objavljeno

02-05-2008 - 16:05