CVE-2008-2365

Published: 30/06/2008 Updated: 07/11/2023
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
VMScore: 480
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 up to and including 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions prior to 2.6.16.x.

Vulnerable Product

linux linux kernel 2.6.11

linux linux kernel 2.6.20.9

linux linux kernel 2.6.23.4

linux linux kernel 2.6.22.15

linux linux kernel 2.6.17.12

linux linux kernel 2.6.21

linux linux kernel 2.6.16.9

linux linux kernel 2.6.12

linux linux kernel 2.6.12.12

linux linux kernel 2.6.19

linux linux kernel 2.6.14

linux linux kernel 2.6.15.3

linux linux kernel 2.6.20.13

linux linux kernel 2.6.22.4

linux linux kernel 2.6.16

linux linux kernel 2.6.13

linux linux kernel 2.6.17.2

linux linux kernel 2.6.13.3

linux linux kernel 2.6.11.8

linux linux kernel 2.6.24.2

linux linux kernel 2.6.23.7

linux linux kernel 2.6.17.8

linux linux kernel 2.6.14.4

linux linux kernel 2.6.25.5

linux linux kernel 2.6.17.14

linux linux kernel 2.6.10

linux linux kernel 2.6.22.12

linux linux kernel 2.6.14.3

linux linux kernel 2.6.24

linux linux kernel 2.6.18.3

linux linux kernel 2.6.11.6

linux linux kernel 2.6.11.11

linux linux kernel 2.6.16.13

linux linux kernel 2.6.21.6

linux linux kernel 2.6.22.1

linux linux kernel 2.6.17.3

linux linux kernel 2.6.24.1

linux linux kernel 2.6.20.5

linux linux kernel 2.6.22

linux linux kernel 2.6.15.1

linux linux kernel 2.6.11.5

linux linux kernel 2.6.19.1

linux linux kernel 2.6.18.4

linux linux kernel 2.6.16.1

linux linux kernel 2.6.18.1

linux linux kernel 2.6.23.1

linux linux kernel 2.6.14.5

linux linux kernel 2.6.13.2

linux linux kernel 2.6.17.5

linux linux kernel 2.6.21.1

linux linux kernel 2.6.25.3

linux linux kernel 2.6.17

linux linux kernel 2.6.19.2

linux linux kernel 2.6.21.4

linux linux kernel 2.6.16.11

linux linux kernel 2.6.15

linux linux kernel 2.6.17.10

linux linux kernel 2.6.15.11

linux linux kernel 2.6.24_rc4

linux linux kernel 2.6.14.1

linux linux kernel 2.6.16.23

linux linux kernel 2.6.12.5

linux linux kernel 2.6.20

linux linux kernel 2.6.23.10

linux linux kernel 2.6.22.7

linux linux kernel 2.6.12.1

linux linux kernel 2.6.17.1

linux linux kernel 2.6.20.8

linux linux kernel 2.6.20.15

linux linux kernel 2.6.13.4

linux linux kernel 2.6.23.9

linux linux kernel 2.6.22.6

linux linux kernel 2.6.23.3

linux linux kernel 2.6.22.3

linux linux kernel 2.6.12.2

linux linux kernel 2.6.23

linux linux kernel 2.6.20.11

linux linux kernel 2.6.20.3

linux linux kernel 2.6.22.13

linux linux kernel 2.6.15.2

linux linux kernel 2.6.22.17

linux linux kernel 2.6.23.14

linux linux kernel 2.6.17.11

linux linux kernel 2.6.12.4

linux linux kernel 2.6.22.11

linux linux kernel 2.6.12.3

linux linux kernel 2.6.23.2

linux linux kernel 2.6.25.1

linux linux kernel 2.6.25.4

linux linux kernel 2.6.21.7

linux linux kernel 2.6.21.2

linux linux kernel 2.6.15.4

linux linux kernel 2.6.23_rc1

linux linux kernel 2.6.20.2

linux linux kernel 2.6.16.12

linux linux kernel 2.6.16.27

linux linux kernel 2.6.12.6

linux linux kernel 2.6.17.7

linux linux kernel 2.6.20.1

linux linux kernel 2.6.11.7

linux linux kernel 2.6.24.6

linux linux kernel 2.6.12.22

linux linux kernel 2.6.24_rc5

redhat enterprise linux desktop 4.0

linux linux kernel 2.6.23.5

linux linux kernel 2.6.22.8

linux linux kernel 2.6.14.2

linux linux kernel 2.6.18

linux linux kernel 2.6.20.4

linux linux kernel 2.6.17.6

linux linux kernel 2.6.23.6

linux linux kernel 2.6.16.7

linux linux kernel 2.6.17.13

redhat enterprise linux 4.0

linux linux kernel 2.6.25

linux linux kernel 2.6.25.2

linux linux kernel 2.6.22.5

linux linux kernel 2.6.11.4

linux linux kernel 2.6.16.19

linux linux kernel 2.6.11.12

linux linux kernel 2.6.22.16

linux linux kernel 2.6.9

linux linux kernel 2.6.13.1

linux linux kernel 2.6.22.14

Vendor Advisories

Dirk Nehring discovered that the IPsec protocol stack did not correctly handle fragmented ESP packets. A remote attacker could exploit this to crash the system, leading to a denial of service (CVE-2007-6282) ...

Exploits

/* source: www.securityfocus.com/bid/29945/info The Linux kernel is prone to a local denial-of-service vulnerability caused by a race condition. Attackers can exploit this issue to cause the kernel to become unresponsive, denying service to legitimate users. */ /* This software is provided 'as-is', without any express or implied war ...

/* source: www.securityfocus.com/bid/29945/info The Linux kernel is prone to a local denial-of-service vulnerability caused by a race condition. Attackers can exploit this issue to cause the kernel to become unresponsive, denying service to legitimate users. */
#include <stdlib.h>
#include <sys/ptrace.h>
int main(int argc, ...