Vulnerability Description
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openbsd | 4.2 |
References
- http://marc.info/?l=openbsd-security-announce&m=120007327504064
- http://secunia.com/advisories/28473Vendor Advisory
- http://www.openbsd.org/errata42.html#005_ifrtlabel
- http://www.securityfocus.com/bid/27252Exploit
- http://www.securitytracker.com/id?1019188
- https://www.exploit-db.com/exploits/4935
- http://marc.info/?l=openbsd-security-announce&m=120007327504064
- http://secunia.com/advisories/28473Vendor Advisory
- http://www.openbsd.org/errata42.html#005_ifrtlabel
- http://www.securityfocus.com/bid/27252Exploit
- http://www.securitytracker.com/id?1019188
- https://www.exploit-db.com/exploits/4935
FAQ
What is CVE-2008-0384?
CVE-2008-0384 is a vulnerability with a CVSS score of 4.9 (MEDIUM). OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereferen...
How severe is CVE-2008-0384?
CVE-2008-0384 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0384?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openbsd.