7.2

CVE-2008-0600

Exploit
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.6.17
LinuxLinux Kernel Version2.6.17 Updaterc1
LinuxLinux Kernel Version2.6.17 Updaterc2
LinuxLinux Kernel Version2.6.17 Updaterc3
LinuxLinux Kernel Version2.6.17 Updaterc4
LinuxLinux Kernel Version2.6.17 Updaterc5
LinuxLinux Kernel Version2.6.17 Updaterc6
LinuxLinux Kernel Version2.6.17.1
LinuxLinux Kernel Version2.6.17.2
LinuxLinux Kernel Version2.6.17.3
LinuxLinux Kernel Version2.6.17.4
LinuxLinux Kernel Version2.6.17.5
LinuxLinux Kernel Version2.6.17.6
LinuxLinux Kernel Version2.6.17.7
LinuxLinux Kernel Version2.6.17.8
LinuxLinux Kernel Version2.6.17.9
LinuxLinux Kernel Version2.6.17.10
LinuxLinux Kernel Version2.6.17.11
LinuxLinux Kernel Version2.6.17.12
LinuxLinux Kernel Version2.6.17.13
LinuxLinux Kernel Version2.6.17.14
LinuxLinux Kernel Version2.6.18
LinuxLinux Kernel Version2.6.18 Updaterc1
LinuxLinux Kernel Version2.6.18 Updaterc2
LinuxLinux Kernel Version2.6.18 Updaterc3
LinuxLinux Kernel Version2.6.18 Updaterc4
LinuxLinux Kernel Version2.6.18 Updaterc5
LinuxLinux Kernel Version2.6.18 Updaterc6
LinuxLinux Kernel Version2.6.18 Updaterc7
LinuxLinux Kernel Version2.6.18.1
LinuxLinux Kernel Version2.6.18.2
LinuxLinux Kernel Version2.6.18.3
LinuxLinux Kernel Version2.6.18.4
LinuxLinux Kernel Version2.6.18.5
LinuxLinux Kernel Version2.6.18.6
LinuxLinux Kernel Version2.6.18.7
LinuxLinux Kernel Version2.6.18.8
LinuxLinux Kernel Version2.6.19
LinuxLinux Kernel Version2.6.19 Updaterc1
LinuxLinux Kernel Version2.6.19 Updaterc2
LinuxLinux Kernel Version2.6.19 Updaterc3
LinuxLinux Kernel Version2.6.19 Updaterc4
LinuxLinux Kernel Version2.6.19.1
LinuxLinux Kernel Version2.6.19.2
LinuxLinux Kernel Version2.6.19.3
LinuxLinux Kernel Version2.6.20
LinuxLinux Kernel Version2.6.20 Updaterc2
LinuxLinux Kernel Version2.6.20.1
LinuxLinux Kernel Version2.6.20.2
LinuxLinux Kernel Version2.6.20.3
LinuxLinux Kernel Version2.6.20.4
LinuxLinux Kernel Version2.6.20.5
LinuxLinux Kernel Version2.6.20.6
LinuxLinux Kernel Version2.6.20.7
LinuxLinux Kernel Version2.6.20.8
LinuxLinux Kernel Version2.6.20.9
LinuxLinux Kernel Version2.6.20.10
LinuxLinux Kernel Version2.6.20.11
LinuxLinux Kernel Version2.6.20.12
LinuxLinux Kernel Version2.6.20.13
LinuxLinux Kernel Version2.6.20.14
LinuxLinux Kernel Version2.6.20.15
LinuxLinux Kernel Version2.6.21
LinuxLinux Kernel Version2.6.21 Updategit1
LinuxLinux Kernel Version2.6.21 Updategit2
LinuxLinux Kernel Version2.6.21 Updategit3
LinuxLinux Kernel Version2.6.21 Updategit4
LinuxLinux Kernel Version2.6.21 Updategit5
LinuxLinux Kernel Version2.6.21 Updategit6
LinuxLinux Kernel Version2.6.21 Updategit7
LinuxLinux Kernel Version2.6.21 Updaterc3
LinuxLinux Kernel Version2.6.21 Updaterc4
LinuxLinux Kernel Version2.6.21 Updaterc5
LinuxLinux Kernel Version2.6.21 Updaterc6
LinuxLinux Kernel Version2.6.21 Updaterc7
LinuxLinux Kernel Version2.6.21.1
LinuxLinux Kernel Version2.6.21.2
LinuxLinux Kernel Version2.6.21.3
LinuxLinux Kernel Version2.6.21.4
LinuxLinux Kernel Version2.6.22
LinuxLinux Kernel Version2.6.22 Updaterc6
LinuxLinux Kernel Version2.6.22.1
LinuxLinux Kernel Version2.6.22.3
LinuxLinux Kernel Version2.6.22.4
LinuxLinux Kernel Version2.6.22.5
LinuxLinux Kernel Version2.6.22.6
LinuxLinux Kernel Version2.6.22.7
LinuxLinux Kernel Version2.6.22.16
LinuxLinux Kernel Version2.6.23
LinuxLinux Kernel Version2.6.23 Updaterc1
LinuxLinux Kernel Version2.6.23 Updaterc2
LinuxLinux Kernel Version2.6.23.1
LinuxLinux Kernel Version2.6.23.2
LinuxLinux Kernel Version2.6.23.3
LinuxLinux Kernel Version2.6.23.4
LinuxLinux Kernel Version2.6.23.5
LinuxLinux Kernel Version2.6.23.6
LinuxLinux Kernel Version2.6.23.7
LinuxLinux Kernel Version2.6.23.9
LinuxLinux Kernel Version2.6.23.14
LinuxLinux Kernel Version2.6.24
LinuxLinux Kernel Version2.6.24 Updaterc2
LinuxLinux Kernel Version2.6.24 Updaterc3
LinuxLinux Kernel Version2.6.24.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.54% 0.878
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://secunia.com/advisories/29245
http://secunia.com/advisories/30818
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
http://secunia.com/advisories/28889
http://secunia.com/advisories/28835
http://secunia.com/advisories/28896
http://www.securityfocus.com/bid/27704
http://www.vupen.com/english/advisories/2008/0487/references
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
http://secunia.com/advisories/28875
http://www.debian.org/security/2008/dsa-1494
http://marc.info/?l=linux-kernel&m=120263652322197&w=2
Exploit
http://marc.info/?l=linux-kernel&m=120264520431307&w=2
Exploit
http://marc.info/?l=linux-kernel&m=120264773202422&w=2
Exploit
http://marc.info/?l=linux-kernel&m=120266328220808&w=2
Exploit
http://marc.info/?l=linux-kernel&m=120266353621139&w=2
Exploit
http://secunia.com/advisories/28858
http://secunia.com/advisories/28912
http://secunia.com/advisories/28925
http://secunia.com/advisories/28933
http://secunia.com/advisories/28937
http://securitytracker.com/id?1019393
http://wiki.rpath.com/Advisories:rPSA-2008-0052
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052
http://www.mandriva.com/security/advisories?name=MDVSA-2008:043
http://www.redhat.com/support/errata/RHSA-2008-0129.html
http://www.securityfocus.com/archive/1/488009/100/0/threaded
http://www.securityfocus.com/bid/27801
http://www.ubuntu.com/usn/usn-577-1
https://bugzilla.redhat.com/show_bug.cgi?id=432229
https://bugzilla.redhat.com/show_bug.cgi?id=432517
https://issues.rpath.com/browse/RPL-2237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358
https://www.exploit-db.com/exploits/5092
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html