fkie_nvd - fkie_cve-2008-4113

FKIE_CVE-2008-4113

Vulnerability from fkie_nvd - Published: 2008-09-16 23:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.

References

	URL	Tags
	cve@mitre.org	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de
	cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
	cve@mitre.org	http://secunia.com/advisories/32190
	cve@mitre.org	http://secunia.com/advisories/32315
	cve@mitre.org	http://secunia.com/advisories/32393
	cve@mitre.org	http://securityreason.com/securityalert/4266
	cve@mitre.org	http://www.debian.org/security/2008/dsa-1655
	cve@mitre.org	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4
	cve@mitre.org	http://www.openwall.com/lists/oss-security/2008/09/26/6
	cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0857.html
	cve@mitre.org	http://www.securityfocus.com/archive/1/496256/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/31121
	cve@mitre.org	http://www.securitytracker.com/id?1021000
	cve@mitre.org	http://www.trapkit.de/advisories/TKADV2008-007.txt
	cve@mitre.org	http://www.ubuntu.com/usn/usn-659-1
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/45188
	cve@mitre.org	https://www.exploit-db.com/exploits/7618
	af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32190
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32315
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32393
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4266
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1655
	af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2008/09/26/6
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0857.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/496256/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31121
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021000
	af854a3a-2127-422b-91ae-364da2661108	http://www.trapkit.de/advisories/TKADV2008-007.txt
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-659-1
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45188
	af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/7618

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	2.2.27
linux	linux_kernel	2.4.36
linux	linux_kernel	2.4.36.1
linux	linux_kernel	2.4.36.2
linux	linux_kernel	2.4.36.3
linux	linux_kernel	2.4.36.4
linux	linux_kernel	2.4.36.5
linux	linux_kernel	2.4.36.6
linux	linux_kernel	2.6
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.18
linux	linux_kernel	2.6.19.4
linux	linux_kernel	2.6.19.5
linux	linux_kernel	2.6.19.6
linux	linux_kernel	2.6.19.7
linux	linux_kernel	2.6.20.16
linux	linux_kernel	2.6.20.17
linux	linux_kernel	2.6.20.18
linux	linux_kernel	2.6.20.19
linux	linux_kernel	2.6.20.20
linux	linux_kernel	2.6.20.21
linux	linux_kernel	2.6.21.5
linux	linux_kernel	2.6.21.6
linux	linux_kernel	2.6.21.7
linux	linux_kernel	2.6.22
linux	linux_kernel	2.6.22.2
linux	linux_kernel	2.6.22.8
linux	linux_kernel	2.6.22.9
linux	linux_kernel	2.6.22.10
linux	linux_kernel	2.6.22.11
linux	linux_kernel	2.6.22.12
linux	linux_kernel	2.6.22.13
linux	linux_kernel	2.6.22.14
linux	linux_kernel	2.6.22.15
linux	linux_kernel	2.6.22.17
linux	linux_kernel	2.6.22.18
linux	linux_kernel	2.6.22.19
linux	linux_kernel	2.6.22.20
linux	linux_kernel	2.6.22.21
linux	linux_kernel	2.6.22.22
linux	linux_kernel	2.6.22_rc1
linux	linux_kernel	2.6.22_rc7
linux	linux_kernel	2.6.23
linux	linux_kernel	2.6.23.8
linux	linux_kernel	2.6.23.9
linux	linux_kernel	2.6.23.10
linux	linux_kernel	2.6.23.11
linux	linux_kernel	2.6.23.12
linux	linux_kernel	2.6.23.13
linux	linux_kernel	2.6.23.15
linux	linux_kernel	2.6.23.16
linux	linux_kernel	2.6.23.17
linux	linux_kernel	2.6.23_rc1
linux	linux_kernel	2.6.24
linux	linux_kernel	2.6.24.1
linux	linux_kernel	2.6.24.2
linux	linux_kernel	2.6.24.3
linux	linux_kernel	2.6.24.4
linux	linux_kernel	2.6.24.5
linux	linux_kernel	2.6.24.6
linux	linux_kernel	2.6.24.7
linux	linux_kernel	2.6.24_rc1
linux	linux_kernel	2.6.24_rc4
linux	linux_kernel	2.6.24_rc5
linux	linux_kernel	2.6.25
linux	linux_kernel	2.6.25
linux	linux_kernel	2.6.25.1
linux	linux_kernel	2.6.25.1
linux	linux_kernel	2.6.25.2
linux	linux_kernel	2.6.25.2
linux	linux_kernel	2.6.25.3
linux	linux_kernel	2.6.25.3
linux	linux_kernel	2.6.25.4
linux	linux_kernel	2.6.25.4
linux	linux_kernel	2.6.25.5
linux	linux_kernel	2.6.25.5
linux	linux_kernel	2.6.25.6
linux	linux_kernel	2.6.25.6
linux	linux_kernel	2.6.25.7
linux	linux_kernel	2.6.25.7
linux	linux_kernel	2.6.25.8
linux	linux_kernel	2.6.25.8
linux	linux_kernel	2.6.25.9
linux	linux_kernel	2.6.25.9
linux	linux_kernel	2.6.25.10
linux	linux_kernel	2.6.25.10
linux	linux_kernel	2.6.25.11
linux	linux_kernel	2.6.25.11
linux	linux_kernel	2.6.25.12
linux	linux_kernel	2.6.25.12
linux	linux_kernel	2.6.25.13
linux	linux_kernel	2.6.25.15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4AD0AC-1483-4E8B-AE00-9D349D5982DA",
              "versionEndIncluding": "2.6.25.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F9DBB0-8AF7-42CA-95DD-68A344E9D549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA39D4CE-22F0-46A2-B8CF-4599675E7D3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD00664-A27C-4514-A2A4-079E8F9B0251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E336C792-B7A1-4318-8050-DE9F03474CEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7228AE50-BACB-4AB8-9CE5-17DB0CD661AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D260FD-E55E-4A95-AB7F-B880DBE37BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36D0159-1A05-4628-9C1C-360DED0F438C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E6654B9-42EB-4C2C-8F71-710D50556180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1817C772-D367-4ABE-B835-466D31A6DC89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C667B8E4-64EB-4A05-84FF-B2243DEF757D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9484B41A-DFB6-4481-80D8-440C711CEA53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "53D373AF-DE6B-428E-9F0F-F1D220900A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "F2975DF7-F916-456C-BF7C-2694559E5282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "784EB96E-2FD3-4F77-8DB6-4D6C7A928946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "469EE3B0-3CC2-4AC2-86A0-2DF34205E707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC547EB-9308-4477-8256-A0E04B42D6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F55A024-9F8E-44F8-A0D8-696BC232524A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "84595143-3B04-4CE8-81C0-28EEEC58CD0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EE2B49-DDEB-4B49-A5F0-CAA161095A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3ABFA33-8FA1-488E-A9BD-1593F495F595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F6DE3A-E6CC-4D7E-BD08-E43DC4182200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A29C44-EBE5-42B0-AFAD-C5A8F6EEF2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "96A43C95-8569-40BE-9E5B-F9B3D0B9D188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD70B2B-9827-4DBB-B82D-0B70C2D4AB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99662904-E5E3-4E81-B199-39707EAEB652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A3EDF2-09D7-4116-AE46-D86E4B9602AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A55028-B8F9-4AD2-AE57-A80D561F3C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C4E641C-67D4-4599-8EFB-0B2F8D81D68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "70460F6C-D6C0-4C1A-B13E-368705EAF223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F26BA18-08AD-45FE-9F83-25CCB2E27270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EBFF148-3EDA-4216-910B-8930D8C443C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "648C63F7-EA1D-4F2E-B8AF-1F380C83E542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1697B855-4834-4633-A5C8-C1F7F13ACE0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBAE75F-9145-4B9A-A6D8-E488C5326145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5990C6C2-2F66-4C4D-8224-74163865F410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A45A9B9-4B19-4A5B-BC95-BCBC4EF00F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23AD176-3B99-4593-BCBD-13C1E579A13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "034DFD7F-8919-4245-8480-7B272F591271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEBC606-6488-48CE-8AA8-5B8CC724D5D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83C60AF-50A9-480E-860D-45E80AC0A6B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FDF616-E410-4540-B377-98D1FB88CE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22_rc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5313B736-9904-442A-84D6-8FC7B9AC2059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE87D1BC-A72D-42D2-A93C-67A5823BEB14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAC2E9D-0E82-4866-9046-ADD448418198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "760FB32D-9795-4B29-B79A-A32B5E70F7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DFF67E9-B0C2-48D5-BB3A-CF21D10010FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5881A78C-D162-4DE5-8353-2BB1EC1F428B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B13D81D2-1A89-4E61-A90C-5E8BB880310B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9887E-2466-4C73-A8E1-2117492F9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FDE5B27-2EF0-464E-8F14-5E809D84D389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "815B2EE8-136F-44E4-997D-5F93A54775DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D0AFF0-8CA9-42EF-A20E-3CD6E7DDF016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "13673DF5-09B1-40C8-AC54-A447DE8AB01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52152F5A-1833-4490-A373-9C547B90B0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64A095E-5E97-445E-B435-F09983CC0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8035F93-9DEE-4B92-ABAA-4ABE0B71BF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE92406-DBF3-463E-8A51-F9679E851FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C60D19B-ED9B-443C-9D49-002ABD381119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "264C61EE-64F6-43AD-B54F-7D683C29E64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0149408A-30F6-4EDF-8B3B-CBAB884CE758",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3069324C-28FB-4BB6-9451-F3AC6A8DA64C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F3D19AD-4268-45E7-B13D-BC93ABDF2226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24_rc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67E619E6-A515-43BC-B371-C1FF6DAA6CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "71295664-89EC-4BB3-9F86-B1DDA20FAC5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "6ED1BAE4-A6D3-49A1-BCAD-1E514D42F609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37BE853A-BA6F-4A70-B166-E34441F0B7DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "4F7C4DFF-616C-497D-9BAB-67C2E21BC21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "85064FDF-4B62-43BF-B36C-F659D739BC22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.2:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "E6EBBFE8-2332-45CE-93F8-6815C2AE5D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEADC505-FF44-4D45-8EA6-B23A1C4564D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.3:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "388414A1-C9B4-41BA-AD35-6501A463A095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE3C807-5C9B-4B71-868B-DF17ECB1514F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.4:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "FDBA01DD-C129-48F1-800B-838418F4A4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CADAA2-91D2-40C4-90F3-D7F40A3D4CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.5:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "185F1EF8-04EB-43ED-B909-8BDF60F23E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "45B6847C-873B-4BE1-852D-239115E59BA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.6:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "D9D4BCAD-B3CD-4FA1-A833-0D7D40289E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF41209E-D27F-4642-A405-90E822A41897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.7:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "3483FAFA-353C-498F-AF68-8F5B84A0F30D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F59FD9-46E5-4F63-80A0-091AD44D1867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.8:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "B3D5AEA5-210B-4E9F-8D9C-C25B84F15C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "428844A5-E020-4AE9-8012-9AEDFCB7C32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.9:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "6B11A9E1-9D90-46DC-81B5-17A137205AB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "94C9D70D-A552-48D6-9497-EE07EB5649D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.10:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "07EEC559-9240-46BE-9057-0F17D1F61F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6169FF-9FF9-4A81-BAEB-6D5132F64F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.11:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "BBBC127F-D67E-43FE-BCFE-606C200084F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6DC79CF-A504-4232-9F66-B5DCD0213DA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.12:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "42B18945-EE09-4E6B-8C11-E382E5F8F850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "192B4273-0935-4232-BBFD-A850855CAC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E4A6E5-0C2C-42FD-B982-684CCB0DDFBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function."
    },
    {
      "lang": "es",
      "value": "Funci\u00f3n The sctp_getsockopt_hmac_ident en net/sctp/socket.c la implementaci\u00f3n de Stream Control Transmission Protocol (sctp) en el kernel de Linux anterior a 2.6.26.4, cuando la extensi\u00f3n SCPT-AUTH est\u00e1 activada, basada en un valor de tama\u00f1o no confiable en el l\u00edmite de la copia de datos de la memoria del kernel, permite a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n SCTP_HMAC_IDENT IOCTL manipulada implicando a la funci\u00f3n sctp_getsockopt."
    }
  ],
  "id": "CVE-2008-4113",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-16T23:00:01.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32190"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32315"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32393"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4266"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/26/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/496256/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31121"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021000"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trapkit.de/advisories/TKADV2008-007.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-659-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45188"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/09/26/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/496256/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trapkit.de/advisories/TKADV2008-007.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-659-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7618"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nIt was addressed in Red Hat Enterprise MRG for RHEL-5 via:  https://rhn.redhat.com/errata/RHSA-2008-0857.html",
      "lastModified": "2009-01-15T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-4113 (GCVE-0-2008-4113)

Vulnerability from cvelistv5 – Published: 2008-09-16 23:00 – Updated: 2024-08-07 10:00

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id?1021000	vdb-entryx_refsource_SECTRACK
	http://www.trapkit.de/advisories/TKADV2008-007.txt	x_refsource_MISC
	http://secunia.com/advisories/32190	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/4266	third-party-advisoryx_refsource_SREASON
	http://www.debian.org/security/2008/dsa-1655	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/32393	third-party-advisoryx_refsource_SECUNIA
	https://www.exploit-db.com/exploits/7618	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/31121	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/usn-659-1	vendor-advisoryx_refsource_UBUNTU
	http://git.kernel.org/?p=linux/kernel/git/stable/…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.redhat.com/support/errata/RHSA-2008-08…	vendor-advisoryx_refsource_REDHAT
	http://www.kernel.org/pub/linux/kernel/v2.6/Chang…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/496256/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/32315	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2008/09/26/6	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1021000",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021000"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.trapkit.de/advisories/TKADV2008-007.txt"
          },
          {
            "name": "32190",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32190"
          },
          {
            "name": "4266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4266"
          },
          {
            "name": "DSA-1655",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1655"
          },
          {
            "name": "32393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32393"
          },
          {
            "name": "7618",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7618"
          },
          {
            "name": "31121",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31121"
          },
          {
            "name": "USN-659-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-659-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de"
          },
          {
            "name": "SUSE-SA:2008:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
          },
          {
            "name": "RHSA-2008:0857",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4"
          },
          {
            "name": "kernel-sctpgetsockopthmac-info-disclosure(45188)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45188"
          },
          {
            "name": "20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496256/100/0/threaded"
          },
          {
            "name": "32315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32315"
          },
          {
            "name": "[oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/09/26/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1021000",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021000"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.trapkit.de/advisories/TKADV2008-007.txt"
        },
        {
          "name": "32190",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32190"
        },
        {
          "name": "4266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4266"
        },
        {
          "name": "DSA-1655",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1655"
        },
        {
          "name": "32393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32393"
        },
        {
          "name": "7618",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7618"
        },
        {
          "name": "31121",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31121"
        },
        {
          "name": "USN-659-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-659-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=d97240552cd98c4b07322f30f66fd9c3ba4171de"
        },
        {
          "name": "SUSE-SA:2008:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
        },
        {
          "name": "RHSA-2008:0857",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4"
        },
        {
          "name": "kernel-sctpgetsockopthmac-info-disclosure(45188)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45188"
        },
        {
          "name": "20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496256/100/0/threaded"
        },
        {
          "name": "32315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32315"
        },
        {
          "name": "[oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/09/26/6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1021000",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021000"
            },
            {
              "name": "http://www.trapkit.de/advisories/TKADV2008-007.txt",
              "refsource": "MISC",
              "url": "http://www.trapkit.de/advisories/TKADV2008-007.txt"
            },
            {
              "name": "32190",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32190"
            },
            {
              "name": "4266",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4266"
            },
            {
              "name": "DSA-1655",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1655"
            },
            {
              "name": "32393",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32393"
            },
            {
              "name": "7618",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7618"
            },
            {
              "name": "31121",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31121"
            },
            {
              "name": "USN-659-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-659-1"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=d97240552cd98c4b07322f30f66fd9c3ba4171de",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=d97240552cd98c4b07322f30f66fd9c3ba4171de"
            },
            {
              "name": "SUSE-SA:2008:053",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html"
            },
            {
              "name": "RHSA-2008:0857",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0857.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4"
            },
            {
              "name": "kernel-sctpgetsockopthmac-info-disclosure(45188)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45188"
            },
            {
              "name": "20080911 [TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496256/100/0/threaded"
            },
            {
              "name": "32315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32315"
            },
            {
              "name": "[oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/09/26/6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4113",
    "datePublished": "2008-09-16T23:00:00",
    "dateReserved": "2008-09-16T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2008-4113

CVE-2008-4113 (GCVE-0-2008-4113)

Tags

Sightings

Nomenclature