4.9
CVSSv2

CVE-2008-5079

Published: 09/12/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 495
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and previous versions allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 2.6.23.15

linux linux kernel 2.6.23.17

linux linux kernel 2.6.20.21

linux linux kernel 2.6.23.8

linux linux kernel 2.6.19.5

linux linux kernel 2.6.19.6

linux linux kernel 2.4.36.5

linux linux kernel 2.4.36.1

linux linux kernel 2.6.25.17

linux linux kernel 2.6.22_rc7

linux linux kernel 2.6.25.4

linux linux kernel 2.6.25.13

linux linux kernel 2.4.36.6

linux linux kernel 2.6.22.1

linux linux kernel 2.6.25.6

linux linux kernel 2.6.25.5

linux linux kernel 2.6.18

linux linux kernel 2.6.25.12

linux linux kernel 2.6.24.2

linux linux kernel 2.6.24.5

linux linux kernel 2.6.25

linux linux kernel 2.6.22.18

linux linux kernel 2.6.22.10

linux linux kernel 2.6.26

linux linux kernel 2.6.26.1

linux linux kernel 2.6.26.2

linux linux kernel 2.6.23.16

linux linux kernel 2.6.23.11

linux linux kernel 2.6.20.18

linux linux kernel 2.6.20.17

linux linux kernel 2.6.19.4

linux linux kernel 2.6.22

linux linux kernel 2.4.36

linux linux kernel 2.6.21.6

linux linux kernel 2.6.22_rc1

linux linux kernel 2.6.25.3

linux linux kernel 2.6.25.14

linux linux kernel 2.2.27

linux linux kernel 2.6.22.22

linux linux kernel 2.6.22.21

linux linux kernel 2.6.22.20

linux linux kernel 2.6.22.2

linux linux kernel 2.6.22.8

linux linux kernel 2.6.22.11

linux linux kernel 2.6.22.12

linux linux kernel 2.6.26.3

linux linux kernel 2.6.26.4

linux linux kernel 2.6.24.7

linux linux kernel 2.6.25.15

linux linux kernel 2.6.25.2

linux linux kernel 2.6.23.12

linux linux kernel 2.6.21.5

linux linux kernel 2.6.19.7

linux linux kernel 2.6.20.16

linux linux kernel 2.6.24_rc5

linux linux kernel 2.4.36.4

linux linux kernel 2.4.36.2

linux linux kernel 2.6.25.16

linux linux kernel 2.6.24_rc1

linux linux kernel 2.6.24.6

linux linux kernel 2.6.25.10

linux linux kernel 2.6.25.11

linux linux kernel 2.6.25.7

linux linux kernel 2.6.25.1

linux linux kernel 2.6.24.3

linux linux kernel 2.6.24.4

linux linux kernel 2.6.22.15

linux linux kernel 2.6.22.17

linux linux kernel 2.6.25.9

linux linux kernel

linux linux kernel 2.6.23.9

linux linux kernel 2.6.23.13

linux linux kernel 2.6.20.20

linux linux kernel 2.6.20.19

linux linux kernel 2.6.23_rc1

linux linux kernel 2.6.24_rc4

linux linux kernel 2.4.36.3

linux linux kernel 2.6.23

linux linux kernel 2.6.23.10

linux linux kernel 2.6.21.7

linux linux kernel 2.6.24.1

linux linux kernel 2.6.24

linux linux kernel 2.6.25.8

linux linux kernel 2.6.22.19

linux linux kernel 2.6

linux linux kernel 2.6.22.9

linux linux kernel 2.6.22.14

linux linux kernel 2.6.22.13

linux linux kernel 2.6.26.5

linux linux kernel 2.6.27

Vendor Advisories

Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts A local attacker could exploit this to cause a system hang, leading to a denial of service (CVE-2008-5079) ...
Hugo Dias discovered that the ATM subsystem did not correctly manage socket counts A local attacker could exploit this to cause a system hang, leading to a denial of service (CVE-2008-5079) ...
Synopsis Important: Red Hat Enterprise Linux 53 kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix three security issues, address severalhundred bugs and add numerous enhancements are now available as part of theongoing support and maintenan ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix several security issues and several bugsare now available for Red Hat Enterprise MRG 11This update has been rated as having important security impact by the RedHat Se ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic Updated kernel packages that resolve several security issues are nowavailable for Red Hat Enterprise Linux 52 Extended Update SupportThis update has been rated as having important security impact by the RedHat Secu ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4307 Bryn M Reeves reported a denial of service in the NFS filesystem Local users can trigger a kernel BUG() due to a r ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-3527 Tavis Ormandy reported a local DoS and potential privilege escalation in the Virtual Dynamic Shared Objects (vDSO) ...

Exploits

/* * cve-2008-5079c * * Linux Kernel <= 26278 ATMSVC local DoS * Jon Oberheide <jon@oberheideorg> * * wwwcvemitreorg/cgi-bin/cvenamecgi?name=CVE-2008-5079: * * net/atm/svcc in the ATM subsystem in the Linux kernel 26278 * and earlier allows local users to cause a denial of service * (kernel infinite lo ...
Linux kernel versions 26278 and below ATMSVC local denial of service exploitnet/atm/svcc in the ATM subsystem in the Linux kernel 26278 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of ...

References

CWE-399http://marc.info/?l=linux-netdev&m=122841256115780&w=2http://secunia.com/advisories/32913https://issues.rpath.com/browse/RPL-2915http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332http://secunia.com/advisories/33623http://www.redhat.com/support/errata/RHSA-2009-0225.htmlhttp://securityreason.com/securityalert/4694http://secunia.com/advisories/33706http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.htmlhttp://secunia.com/advisories/33756http://www.ubuntu.com/usn/usn-715-1http://secunia.com/advisories/33641http://secunia.com/advisories/33704http://www.mandriva.com/security/advisories?name=MDVSA-2009:032http://www.redhat.com/support/errata/RHSA-2009-0053.htmlhttp://secunia.com/advisories/33854https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.htmlhttp://secunia.com/advisories/33348http://secunia.com/advisories/33083http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.htmlhttp://www.debian.org/security/2009/dsa-1787http://secunia.com/advisories/34981http://www.securitytracker.com/id?1021360http://www.securityfocus.com/bid/32676https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11288https://usn.ubuntu.com/714-1/http://www.securityfocus.com/archive/1/499044/100/0/threadedhttp://www.securityfocus.com/archive/1/498943/100/0/threadedhttps://usn.ubuntu.com/715-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/7405/