SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-5029

Date: (C)2008-11-10 (M)2024-02-22

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

Reference:

SECTRACK-1021292

SECTRACK-1021511

http://www.securityfocus.com/archive/1/499700/100/0/threaded

http://archives.neohapsis.com/archives/bugtraq/2009-01/0006.html

http://www.securityfocus.com/archive/1/499744/100/0/threaded

http://www.securityfocus.com/archive/1/512019/100/0/threaded

SUSE-SA:2008:057

SUSE-SA:2009:004

SUSE-SA:2009:008

http://marc.info/?l=linux-netdev&m=122593044330973&w=2

http://www.openwall.com/lists/oss-security/2008/11/06/1

http://darkircop.org/unix.c

http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.9

https://bugzilla.redhat.com/show_bug.cgi?id=470201

linux-kernel-scmdestroy-dos(46538)

oval:org.mitre.oval:def:11694

oval:org.mitre.oval:def:9558

cpe:/o:linux:linux_kernel:2.6.18
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.9
cpe:/o:linux:linux_kernel:2.6.27.2
...

oval:org.secpod.oval:def:301341
oval:org.mitre.oval:def:8144
oval:org.secpod.oval:def:202705
oval:org.secpod.oval:def:500617
...

© SecPod Technologies