National Vulnerability Database (NVD) National Vulnerability Database (CVE-2008-1675)

National Cyber-Alert System

Vulnerability Summary for CVE-2008-1675

Original release date:05/02/2008

Last revised:08/20/2009

Source: US-CERT/NIST

Overview

The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 3.9

CVSS Version 2 Metrics:

Access Vector: Locally exploitable

Access Complexity: Low

**NOTE: Access Complexity scored Low due to insufficient information

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Vendor Statments (disclaimer)

Official Statement from Red Hat (05/06/2008): Not vulnerable. This issue did not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: FEDORA

Name: FEDORA-2008-3873

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-2501

Hyperlink:https://issues.rpath.com/browse/RPL-2501

External Source: XF

Name: linux-kernel-tehuti-bo(42132)

Hyperlink:http://xforce.iss.net/xforce/xfdb/42132

External Source: UBUNTU

Name: USN-614-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-614-1

External Source: SECTRACK

Name: 1019960

Hyperlink:http://www.securitytracker.com/id?1019960

External Source: BID

Name: 29014

Hyperlink:http://www.securityfocus.com/bid/29014

External Source: BUGTRAQ

Name: 20080507 rPSA-2008-0157-1 kernel

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/491732/100/0/threaded

External Source: BUGTRAQ

Name: 20080502 rPSA-2008-0157-1 kernel

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/491566/100/0/threaded

External Source: MANDRIVA

Name: MDVSA-2008:167

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:167

External Source: MANDRIVA

Name: MDVSA-2008:109

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:109

External Source: CONFIRM

Name: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1

Hyperlink:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1

External Source: VUPEN

Name: ADV-2008-1406

Type: Advisory

Hyperlink:http://www.frsirt.com/english/advisories/2008/1406/references

External Source: CONFIRM

Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157

Hyperlink:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157

External Source: CONFIRM

Name: http://wiki.rpath.com/Advisories:rPSA-2008-0157

Hyperlink:http://wiki.rpath.com/Advisories:rPSA-2008-0157

External Source: SECUNIA

Name: 30515

Type: Advisory

Hyperlink:http://secunia.com/advisories/30515

External Source: SECUNIA

Name: 30260

Type: Advisory

Hyperlink:http://secunia.com/advisories/30260

External Source: SECUNIA

Name: 30044

Type: Advisory

Hyperlink:http://secunia.com/advisories/30044

External Source: SECUNIA

Name: 30017

Type: Advisory

Hyperlink:http://secunia.com/advisories/30017

External Source: MLIST

Name: [linux-kernel] 20080429 [04/12] tehuti: check register size (CVE-2008-1675)

Hyperlink:http://marc.info/?l=linux-kernel&m=120949582428998&w=2

External Source: MLIST

Name: [linux-kernel] 20080429 [27/37] tehuti: move ioctl perm check closer to function start

Hyperlink:http://marc.info/?l=linux-kernel&m=120949204619718&w=2

External Source: MLIST

Name: [linux-kernel] 20080429 [26/37] tehuti: check register size (CVE-2008-1675)

Hyperlink:http://marc.info/?l=linux-kernel&m=120949204519706&w=2

Vulnerable software and versions

Configuration 1

* cpe:/o:linux:kernel:2.6.1

* cpe:/o:linux:kernel:2.6.10

* cpe:/o:linux:kernel:2.6.0

* cpe:/o:linux:kernel:2.6.11

* cpe:/o:linux:kernel:2.6.11.1

* cpe:/o:linux:kernel:2.6.11.2

* cpe:/o:linux:kernel:2.6.11.10

* cpe:/o:linux:kernel:2.6.11.12

* cpe:/o:linux:kernel:2.6.11.11

* cpe:/o:linux:kernel:2.6.12.2

* cpe:/o:linux:kernel:2.6.11.3

* cpe:/o:linux:kernel:2.6.11.4

* cpe:/o:linux:kernel:2.6.11.5

* cpe:/o:linux:kernel:2.6.11.6

* cpe:/o:linux:kernel:2.6.11.8

* cpe:/o:linux:kernel:2.6.11.7

* cpe:/o:linux:kernel:2.6.11.9

* cpe:/o:linux:kernel:2.6.12.1

* cpe:/o:linux:kernel:2.6.12

* cpe:/o:linux:kernel:2.6.12.3

* cpe:/o:linux:kernel:2.6.12.5

* cpe:/o:linux:kernel:2.6.12.4

* cpe:/o:linux:kernel:2.6.13

* cpe:/o:linux:kernel:2.6.12.6

* cpe:/o:linux:kernel:2.6.13.2

* cpe:/o:linux:kernel:2.6.13.1

* cpe:/o:linux:kernel:2.6.13.5

* cpe:/o:linux:kernel:2.6.13.3

* cpe:/o:linux:kernel:2.6.13.4

* cpe:/o:linux:kernel:2.6.14.7

* cpe:/o:linux:kernel:2.6.15

* cpe:/o:linux:kernel:2.6.14.5

* cpe:/o:linux:kernel:2.6.14.6

* cpe:/o:linux:kernel:2.6.15.1

* cpe:/o:linux:kernel:2.6.14

* cpe:/o:linux:kernel:2.6.14.3

* cpe:/o:linux:kernel:2.6.14.4

* cpe:/o:linux:kernel:2.6.14.1

* cpe:/o:linux:kernel:2.6.14.2

* cpe:/o:linux:kernel:2.6.15.3

* cpe:/o:linux:kernel:2.6.15.4

* cpe:/o:linux:kernel:2.6.16.11

* cpe:/o:linux:kernel:2.6.16.10

* cpe:/o:linux:kernel:2.6.15.2

* cpe:/o:linux:kernel:2.6.16

* cpe:/o:linux:kernel:2.6.15.7

* cpe:/o:linux:kernel:2.6.15.6

* cpe:/o:linux:kernel:2.6.15.5

* cpe:/o:linux:kernel:2.6.16.1

* cpe:/o:linux:kernel:2.6.16.18

* cpe:/o:linux:kernel:2.6.16.17

* cpe:/o:linux:kernel:2.6.16.20

* cpe:/o:linux:kernel:2.6.16.19

* cpe:/o:linux:kernel:2.6.16.12

* cpe:/o:linux:kernel:2.6.16.14

* cpe:/o:linux:kernel:2.6.16.13

* cpe:/o:linux:kernel:2.6.16.16

* cpe:/o:linux:kernel:2.6.16.15

* cpe:/o:linux:kernel:2.6.16.2

* cpe:/o:linux:kernel:2.6.16.29

* cpe:/o:linux:kernel:2.6.16.26

* cpe:/o:linux:kernel:2.6.16.25

* cpe:/o:linux:kernel:2.6.16.28

* cpe:/o:linux:kernel:2.6.16.27

* cpe:/o:linux:kernel:2.6.16.22

* cpe:/o:linux:kernel:2.6.16.21

* cpe:/o:linux:kernel:2.6.16.3

* cpe:/o:linux:kernel:2.6.16.24

* cpe:/o:linux:kernel:2.6.16.23

* cpe:/o:linux:kernel:2.6.16.33

* cpe:/o:linux:kernel:2.6.16.34

* cpe:/o:linux:kernel:2.6.16.35

* cpe:/o:linux:kernel:2.6.16.36

* cpe:/o:linux:kernel:2.6.16.30

* cpe:/o:linux:kernel:2.6.16.31

* cpe:/o:linux:kernel:2.6.16.32

* cpe:/o:linux:kernel:2.6.16.37

* cpe:/o:linux:kernel:2.6.16.38

* cpe:/o:linux:kernel:2.6.16.39

* cpe:/o:linux:kernel:2.6.16.48

* cpe:/o:linux:kernel:2.6.16.47

* cpe:/o:linux:kernel:2.6.16.46

* cpe:/o:linux:kernel:2.6.16.45

* cpe:/o:linux:kernel:2.6.16.41

* cpe:/o:linux:kernel:2.6.16.42

* cpe:/o:linux:kernel:2.6.16.43

* cpe:/o:linux:kernel:2.6.16.44

* cpe:/o:linux:kernel:2.6.16.4

* cpe:/o:linux:kernel:2.6.16.40

* cpe:/o:linux:kernel:2.6.16.52

* cpe:/o:linux:kernel:2.6.16.51

* cpe:/o:linux:kernel:2.6.16.50

* cpe:/o:linux:kernel:2.6.16.49

* cpe:/o:linux:kernel:2.6.16.5

* cpe:/o:linux:kernel:2.6.16.57

* cpe:/o:linux:kernel:2.6.16.56

* cpe:/o:linux:kernel:2.6.16.55

* cpe:/o:linux:kernel:2.6.16.54

* cpe:/o:linux:kernel:2.6.16.53

* cpe:/o:linux:kernel:2.6.16.8

* cpe:/o:linux:kernel:2.6.16.7

* cpe:/o:linux:kernel:2.6.16.6

* cpe:/o:linux:kernel:2.6.17

* cpe:/o:linux:kernel:2.6.16.61

* cpe:/o:linux:kernel:2.6.16.62

* cpe:/o:linux:kernel:2.6.16.9

* cpe:/o:linux:kernel:2.6.16.60

* cpe:/o:linux:kernel:2.6.16.59

* cpe:/o:linux:kernel:2.6.16.58

* cpe:/o:linux:kernel:2.6.17.4

* cpe:/o:linux:kernel:2.6.17.14

* cpe:/o:linux:kernel:2.6.17.5

* cpe:/o:linux:kernel:2.6.17.2

* cpe:/o:linux:kernel:2.6.17.3

* cpe:/o:linux:kernel:2.6.17.1

* cpe:/o:linux:kernel:2.6.17.12

* cpe:/o:linux:kernel:2.6.17.13

* cpe:/o:linux:kernel:2.6.17.10

* cpe:/o:linux:kernel:2.6.17.11

* cpe:/o:linux:kernel:2.6.18.1

* cpe:/o:linux:kernel:2.6.18

* cpe:/o:linux:kernel:2.6.18.3

* cpe:/o:linux:kernel:2.6.18.2

* cpe:/o:linux:kernel:2.6.18.5

* cpe:/o:linux:kernel:2.6.18.4

* cpe:/o:linux:kernel:2.6.17.8

* cpe:/o:linux:kernel:2.6.17.9

* cpe:/o:linux:kernel:2.6.17.6

* cpe:/o:linux:kernel:2.6.17.7

* cpe:/o:linux:kernel:2.6.18.7

* cpe:/o:linux:kernel:2.6.18.6

* cpe:/o:linux:kernel:2.6.18.8

* cpe:/o:linux:kernel:2.6.19.7

* cpe:/o:linux:kernel:2.6.19.5

* cpe:/o:linux:kernel:2.6.19.6

* cpe:/o:linux:kernel:2.6.19.4

* cpe:/o:linux:kernel:2.6.19

* cpe:/o:linux:kernel:2.6.2

* cpe:/o:linux:kernel:2.6.19.2

* cpe:/o:linux:kernel:2.6.19.1

* cpe:/o:linux:kernel:2.6.20

* cpe:/o:linux:kernel:2.6.19.3

* cpe:/o:linux:kernel:2.6.20.16

* cpe:/o:linux:kernel:2.6.20.10

* cpe:/o:linux:kernel:2.6.20.11

* cpe:/o:linux:kernel:2.6.20.12

* cpe:/o:linux:kernel:2.6.20.13

* cpe:/o:linux:kernel:2.6.20.14

* cpe:/o:linux:kernel:2.6.20.15

* cpe:/o:linux:kernel:2.6.20.18

* cpe:/o:linux:kernel:2.6.20.17

* cpe:/o:linux:kernel:2.6.20.1

* cpe:/o:linux:kernel:2.6.20.3

* cpe:/o:linux:kernel:2.6.20.4

* cpe:/o:linux:kernel:2.6.20.5

* cpe:/o:linux:kernel:2.6.20.6

* cpe:/o:linux:kernel:2.6.20.7

* cpe:/o:linux:kernel:2.6.20.8

* cpe:/o:linux:kernel:2.6.20.21

* cpe:/o:linux:kernel:2.6.20.2

* cpe:/o:linux:kernel:2.6.20.20

* cpe:/o:linux:kernel:2.6.20.19

* cpe:/o:linux:kernel:2.6.22

* cpe:/o:linux:kernel:2.6.21.4

* cpe:/o:linux:kernel:2.6.21.6

* cpe:/o:linux:kernel:2.6.21.3

* cpe:/o:linux:kernel:2.6.21.7

* cpe:/o:linux:kernel:2.6.20.9

* cpe:/o:linux:kernel:2.6.21.5

* cpe:/o:linux:kernel:2.6.21

* cpe:/o:linux:kernel:2.6.21.1

* cpe:/o:linux:kernel:2.6.21.2

* cpe:/o:linux:kernel:2.6.22.14

* cpe:/o:linux:kernel:2.6.22.15

* cpe:/o:linux:kernel:2.6.22.17

* cpe:/o:linux:kernel:2.6.22.18

* cpe:/o:linux:kernel:2.6.22.1

* cpe:/o:linux:kernel:2.6.22.10

* cpe:/o:linux:kernel:2.6.22.11

* cpe:/o:linux:kernel:2.6.22.16

* cpe:/o:linux:kernel:2.6.22.12

* cpe:/o:linux:kernel:2.6.22.13

* cpe:/o:linux:kernel:2.6.22.5

* cpe:/o:linux:kernel:2.6.22.2

* cpe:/o:linux:kernel:2.6.22.4

* cpe:/o:linux:kernel:2.6.22.22

* cpe:/o:linux:kernel:2.6.22.21

* cpe:/o:linux:kernel:2.6.22.20

* cpe:/o:linux:kernel:2.6.22.7

* cpe:/o:linux:kernel:2.6.22.19

* cpe:/o:linux:kernel:2.6.22.6

* cpe:/o:linux:kernel:2.6.22.3

* cpe:/o:linux:kernel:2.6.22.8

* cpe:/o:linux:kernel:2.6.22.9

* cpe:/o:linux:kernel:2.6.23

* cpe:/o:linux:kernel:2.6.23.10

* cpe:/o:linux:kernel:2.6.23.11

* cpe:/o:linux:kernel:2.6.23.1

* cpe:/o:linux:kernel:2.6.23.13

* cpe:/o:linux:kernel:2.6.23.12

* cpe:/o:linux:kernel:2.6.23.15

* cpe:/o:linux:kernel:2.6.23.17

* cpe:/o:linux:kernel:2.6.23.16

* cpe:/o:linux:kernel:2.6.23.2

* cpe:/o:linux:kernel:2.6.23.6

* cpe:/o:linux:kernel:2.6.23.5

* cpe:/o:linux:kernel:2.6.23.4

* cpe:/o:linux:kernel:2.6.23.3

* cpe:/o:linux:kernel:2.6.23.14

* cpe:/o:linux:kernel:2.6.23.7

* cpe:/o:linux:kernel:2.6.23.8

* cpe:/o:linux:kernel:2.6.23.9

* cpe:/o:linux:kernel:2.6.24

* cpe:/o:linux:kernel:2.6.24.1

* cpe:/o:linux:kernel:2.6.24.2

* cpe:/o:linux:kernel:2.6.24.3

* cpe:/o:linux:kernel:2.6.24.4

* cpe:/o:linux:kernel:2.6.24.5

* cpe:/o:linux:kernel:2.6.24.6

* cpe:/o:linux:kernel:2.6.24.7

* cpe:/o:linux:kernel:2.6.25

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Resource Management Errors (CWE-399)
Insufficient Information (NVD-CWE-noinfo)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1675