CVE-2008-2812

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html	Mailing List Third Party Advisory
http://secunia.com/advisories/30982	Broken Link
http://secunia.com/advisories/31048	Broken Link
http://secunia.com/advisories/31202	Broken Link
http://secunia.com/advisories/31229	Broken Link
http://secunia.com/advisories/31341	Broken Link
http://secunia.com/advisories/31551	Broken Link
http://secunia.com/advisories/31614	Broken Link
http://secunia.com/advisories/31685	Broken Link
http://secunia.com/advisories/32103	Broken Link
http://secunia.com/advisories/32370	Broken Link
http://secunia.com/advisories/32759	Broken Link
http://secunia.com/advisories/33201	Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm	Third Party Advisory
http://www.debian.org/security/2008/dsa-1630	Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/07/03/2	Mailing List Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0612.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0665.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0973.html	Broken Link
http://www.securityfocus.com/bid/30076	Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2063/references	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/43687	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633	Third Party Advisory
https://usn.ubuntu.com/637-1/	Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html	Mailing List Third Party Advisory
http://secunia.com/advisories/30982	Broken Link
http://secunia.com/advisories/31048	Broken Link
http://secunia.com/advisories/31202	Broken Link
http://secunia.com/advisories/31229	Broken Link
http://secunia.com/advisories/31341	Broken Link
http://secunia.com/advisories/31551	Broken Link
http://secunia.com/advisories/31614	Broken Link
http://secunia.com/advisories/31685	Broken Link
http://secunia.com/advisories/32103	Broken Link
http://secunia.com/advisories/32370	Broken Link
http://secunia.com/advisories/32759	Broken Link
http://secunia.com/advisories/33201	Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm	Third Party Advisory
http://www.debian.org/security/2008/dsa-1630	Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/07/03/2	Mailing List Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0612.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0665.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0973.html	Broken Link
http://www.securityfocus.com/bid/30076	Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2063/references	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/43687	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633	Third Party Advisory
https://usn.ubuntu.com/637-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::

Configuration 3 (hide)

OR	cpe:2.3:o:novell:linux_desktop:9:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp1::::::
	cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2::::::
	cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp1::::::
	cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2::::::

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:avaya:communication_manager::::::::
	cpe:2.3:a:avaya:expanded_meet-me_conferencing::::::::
	cpe:2.3:a:avaya:intuity_audix_lx:2.0:::::::*
	cpe:2.3:a:avaya:meeting_exchange:5.0:::::::*
	cpe:2.3:a:avaya:message_networking:3.1:::::::*
	cpe:2.3:a:avaya:messaging_storage_server:4.0:::::::*
	cpe:2.3:a:avaya:proactive_contact:4.0:::::::*
	cpe:2.3:a:avaya:sip_enablement_services:-:::::::*
	cpe:2.3:a:avaya:sip_enablement_services:4.0:::::::*

History

21 Nov 2024, 00:47

Information

Published : 2008-07-09 00:41

Updated : 2024-11-21 00:47

NVD link : CVE-2008-2812

Mitre link : CVE-2008-2812

CVE.ORG link : CVE-2008-2812

JSON object : View

Products Affected

avaya

communication_manager
sip_enablement_services
intuity_audix_lx
meeting_exchange
messaging_storage_server
proactive_contact
message_networking
expanded_meet-me_conferencing

debian

debian_linux

opensuse

opensuse

canonical

ubuntu_linux

suse

suse_linux_enterprise_server
suse_linux_enterprise_desktop

linux

linux_kernel

novell

linux_desktop

CWE

CWE-476

NULL Pointer Dereference

7.8 /10