Vulnerability Details : CVE-2008-3911
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.
Vulnerability category: Overflow
Products affected by CVE-2008-3911
- cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3911
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3911
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2008-3911
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3911
-
Red Hat 2008-09-05Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
References for CVE-2008-3911
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/45136
-
http://www.openwall.com/lists/oss-security/2008/09/04/2
-
http://www.securityfocus.com/bid/31937
-
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
-
http://lkml.org/lkml/2008/8/30/140
Exploit
-
http://lkml.org/lkml/2008/8/30/184
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27df6f25ff218072e0e879a96beeb398a79cdbc8
Jump to