CVE-2008-4113 : The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implemen

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.

Published 2008-09-16 23:00:01

Updated 2018-10-11 20:50:55

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Threat overview for CVE-2008-4113

Top countries where our scanners detected CVE-2008-4113

Top open port discovered on systems with this issue 52869

IPs affected by CVE-2008-4113 198,832

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2008-4113!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2008-4113

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-4113

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.7	MEDIUM	AV:L/AC:M/Au:N/C:C/I:N/A:N	3.4	6.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

CWE ids for CVE-2008-4113

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2008-4113

Red Hat 2009-01-15

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html

References for CVE-2008-4113

Products affected by CVE-2008-4113

Linux » Linux Kernel
Versions up to, including, (<=) 2.6.25.14
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.4.36.2
cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.4.36
cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.4.36.3
cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.4.36.4
cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.2.27
cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.4.36.5
cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.4.36.1
cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.4.36.6
cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18 Update RC2
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18 Update RC5
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18 Update RC3
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18 Update RC4
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18 Update RC6
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.18 Update RC7
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22
cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.9
cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23
cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.19.7
cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.19.4
cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.19.5
cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.19.6
cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.21.7
cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.21.6
cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.21.5
cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.20.20
cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.20.19
cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.20.16
cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.20.21
cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.20.18
cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.20.17
cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6
cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.20
cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.19
cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.8
cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.9
cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.13
cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.14
cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.15
cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.17
cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.18
cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.22
cpe:2.3:o:linux:linux_kernel:2.6.22.22:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.21
cpe:2.3:o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.2
cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.10
cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.11
cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22.12
cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.13
cpe:2.3:o:linux:linux_kernel:2.6.23.13:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.8
cpe:2.3:o:linux:linux_kernel:2.6.23.8:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.11
cpe:2.3:o:linux:linux_kernel:2.6.23.11:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.12
cpe:2.3:o:linux:linux_kernel:2.6.23.12:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.10
cpe:2.3:o:linux:linux_kernel:2.6.23.10:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24.1
cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24
cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.11
cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.12
cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.2
cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.9
cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.16
cpe:2.3:o:linux:linux_kernel:2.6.23.16:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24.6
cpe:2.3:o:linux:linux_kernel:2.6.24.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24.7
cpe:2.3:o:linux:linux_kernel:2.6.24.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.1
cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.10
cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.7
cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.8
cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.15
cpe:2.3:o:linux:linux_kernel:2.6.23.15:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23.17
cpe:2.3:o:linux:linux_kernel:2.6.23.17:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24.4
cpe:2.3:o:linux:linux_kernel:2.6.24.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24.5
cpe:2.3:o:linux:linux_kernel:2.6.24.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25
cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.15
cpe:2.3:o:linux:linux_kernel:2.6.25.15:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.5
cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.6
cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24.2
cpe:2.3:o:linux:linux_kernel:2.6.24.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24.3
cpe:2.3:o:linux:linux_kernel:2.6.24.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.13
cpe:2.3:o:linux:linux_kernel:2.6.25.13:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.3
cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.4
cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24 Rc1
cpe:2.3:o:linux:linux_kernel:2.6.24_rc1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22 Rc1
cpe:2.3:o:linux:linux_kernel:2.6.22_rc1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.22 Rc7
cpe:2.3:o:linux:linux_kernel:2.6.22_rc7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.23 Rc1
cpe:2.3:o:linux:linux_kernel:2.6.23_rc1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24 Rc4
cpe:2.3:o:linux:linux_kernel:2.6.24_rc4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.24 Rc5
cpe:2.3:o:linux:linux_kernel:2.6.24_rc5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.10 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.11 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.12 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.8 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.9 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.1 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.6 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.7 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.2 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.3 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.4 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:x86_64:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.25.5 X86 64 Edition
cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:x86_64:*:*:*:*:*
Matching versions