CVE-2008-2812 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.25.10
Canonical	Ubuntu Linux	6.06
Novell	Linux Desktop	9
Opensuse	Opensuse	10.3
Suse	Suse Linux Enterprise Desktop	10
Suse	Suse Linux Enterprise Server	10
Debian	Debian Linux	4.0
Avaya	Communication Manager	>= 3.1
Avaya	Expanded Meet-Me Conferencing	All versions
Avaya	Intuity Audix Lx	2.0
Avaya	Meeting Exchange	5.0
Avaya	Message Networking	3.1
Avaya	Messaging Storage Server	4.0
Avaya	Proactive Contact	4.0
Avaya	Sip Enablement Services	-

Related Weaknesses (CWE)

CWE-476

References

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdi
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/30982Broken Link
http://secunia.com/advisories/31048Broken Link
http://secunia.com/advisories/31202Broken Link
http://secunia.com/advisories/31229Broken Link
http://secunia.com/advisories/31341Broken Link
http://secunia.com/advisories/31551Broken Link

FAQ

What is CVE-2008-2812?

CVE-2008-2812 is a vulnerability with a CVSS score of 7.8 (HIGH). The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL ...

How severe is CVE-2008-2812?

CVE-2008-2812 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2812?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Novell Linux Desktop, Opensuse Opensuse, Suse Suse Linux Enterprise Desktop.