CVE-2008-2358
Published Jun 10, 2008
Last updated 7 years ago
Overview
- Description: Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 7.2
- Impact score: 10
- Exploitability score: 3.9
- Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov: CWE-189
Vendor comments
- Red Hat: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0519.html
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "179147E4-5247-451D-9409-545D661BC158"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6940324-0383-4510-BA55-770E0A6B80B7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]