CVE-2008-0384

OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=openbsd-security-announce&m=120007327504064
http://secunia.com/advisories/28473	Vendor Advisory
http://www.openbsd.org/errata42.html#005_ifrtlabel
http://www.securityfocus.com/bid/27252	Exploit
http://www.securitytracker.com/id?1019188
https://www.exploit-db.com/exploits/4935

Configurations

Configuration 1 (hide)

cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-01-22 20:00

Updated : 2024-02-28 11:01

NVD link : CVE-2008-0384

Mitre link : CVE-2008-0384

CVE.ORG link : CVE-2008-0384

JSON object : View

Products Affected

openbsd

openbsd

CWE

NVD-CWE-Other

{"id": "CVE-2008-0384", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-22T20:00:00.000", "references": [{"url": "http://marc.info/?l=openbsd-security-announce&m=120007327504064", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28473", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openbsd.org/errata42.html#005_ifrtlabel", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27252", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019188", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/4935", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked."}, {"lang": "es", "value": "OpenBSD 4.2 permtie a usuarios locales provocar denegaci\u00f3n de servicio (kernel panic) a trav\u00e9s de una llamada SIOCGIFRTLABEL IOCTL sobre una interfaz que no tiene una etiqueta route, el cual dispara un puntero de referencia NULL cuando devuelve el valor de la funci\u00f3n rtlabel_id2name no est\u00e1 validada."}], "lastModified": "2018-10-30T16:25:27.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF8DD37-A337-4E9D-A34E-C2D561A24285"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}