CVE-2008-0600

Published: 12/02/2008 Updated: 13/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The vmsplice_to_pipe function in Linux kernel 2.6.17 up to and including 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.

Vulnerable Products

linux linux kernel (69 affected versions, grouped by series):

2.6.17: 2.6.17, 2.6.17.1, 2.6.17.2, 2.6.17.3, 2.6.17.4, 2.6.17.5, 2.6.17.6, 2.6.17.7, 2.6.17.8, 2.6.17.9, 2.6.17.10, 2.6.17.11, 2.6.17.12, 2.6.17.13, 2.6.17.14
2.6.18: 2.6.18, 2.6.18.1, 2.6.18.2, 2.6.18.3, 2.6.18.4, 2.6.18.5, 2.6.18.6, 2.6.18.7, 2.6.18.8
2.6.19: 2.6.19, 2.6.19.1, 2.6.19.2, 2.6.19.3
2.6.20: 2.6.20, 2.6.20.1, 2.6.20.2, 2.6.20.3, 2.6.20.4, 2.6.20.5, 2.6.20.6, 2.6.20.7, 2.6.20.8, 2.6.20.9, 2.6.20.10, 2.6.20.11, 2.6.20.12, 2.6.20.13, 2.6.20.14, 2.6.20.15
2.6.21: 2.6.21, 2.6.21.1, 2.6.21.2, 2.6.21.3, 2.6.21.4
2.6.22: 2.6.22, 2.6.22.1, 2.6.22.3, 2.6.22.4, 2.6.22.5, 2.6.22.6, 2.6.22.7, 2.6.22.16
2.6.23: 2.6.23, 2.6.23.1, 2.6.23.2, 2.6.23.3, 2.6.23.4, 2.6.23.5, 2.6.23.6, 2.6.23.7, 2.6.23.9, 2.6.23.14
2.6.24: 2.6.24, 2.6.24.1

Vendor Advisories

Wojciech Purczynski discovered that the vmsplice system call did not properly perform verification of user-memory pointers. A local attacker could exploit this to overwrite arbitrary kernel memory and gain root privileges (CVE-2008-0600). ...

The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0010, CVE-2008-0600). In the vserver-enabled kernels, a missing access check on certain symlinks in /proc enabled local attackers to access resources ...

Exploits

/*
 * diane_lane_fucked_hard.c
 *
 * Linux vmsplice Local Root Exploit
 * By qaaz
 *
 * Linux 2.6.23 - 2.6.24
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/uio.h>

#define TARGET_PATTERN " sys_vm86old"
#define TARGET_SYSCAL ...

/*
 * jessica_biel_naked_in_my_bed.c
 *
 * I roll in from the pub and see that Wojta again has nothing to do, damn it.
 * Kids, here is something for you to play with, before this one gets blabbed out too.
 * Anyway it is old as dirt and somewhat broken.
 *
 * Linux vmsplice Local Root Exploit
 * By qaaz
 *
 * Linux 2.6.17 - 2.6.24.1
 *
 * This is quite old code and I had to rewrite it to ...

References

CWE-94
http://marc.info/?l=linux-kernel&m=120264773202422&w=2
http://marc.info/?l=linux-kernel&m=120263652322197&w=2
http://marc.info/?l=linux-kernel&m=120264520431307&w=2
http://marc.info/?l=linux-kernel&m=120266328220808&w=2
http://marc.info/?l=linux-kernel&m=120266353621139&w=2
http://wiki.rpath.com/Advisories:rPSA-2008-0052
http://www.debian.org/security/2008/dsa-1494
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:043
http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
http://www.redhat.com/support/errata/RHSA-2008-0129.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html
http://www.ubuntu.com/usn/usn-577-1
http://www.securityfocus.com/bid/27704
http://secunia.com/advisories/28835
http://secunia.com/advisories/28858
http://secunia.com/advisories/28875
http://secunia.com/advisories/28896
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052
https://bugzilla.redhat.com/show_bug.cgi?id=432229
https://bugzilla.redhat.com/show_bug.cgi?id=432517
https://issues.rpath.com/browse/RPL-2237
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html
http://securitytracker.com/id?1019393
http://secunia.com/advisories/28889
http://secunia.com/advisories/28912
http://secunia.com/advisories/28925
http://secunia.com/advisories/28933
http://secunia.com/advisories/28937
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
http://www.securityfocus.com/bid/27801
http://secunia.com/advisories/29245
http://secunia.com/advisories/30818
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
http://www.vupen.com/english/advisories/2008/0487/references
https://www.exploit-db.com/exploits/5092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11358
http://www.securityfocus.com/archive/1/488009/100/0/threaded
https://usn.ubuntu.com/577-1/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/5093/