CVE-2008-5393

UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityreason.com/securityalert/4696
http://www.securityfocus.com/archive/1/498905/100/0/threaded
http://www.securityfocus.com/bid/32629	Patch
https://bugs.launchpad.net/bugs/301285	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/47082

Configurations

Configuration 1 (hide)

cpe:2.3:a:privacy-cd:unbuntu_privacy_remix:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-12-09 00:30

Updated : 2024-02-28 11:21

NVD link : CVE-2008-5393

Mitre link : CVE-2008-5393

CVE.ORG link : CVE-2008-5393

JSON object : View

Products Affected

privacy-cd

unbuntu_privacy_remix

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-5393", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-09T00:30:00.487", "references": [{"url": "http://securityreason.com/securityalert/4696", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/498905/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32629", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/bugs/301285", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47082", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays."}, {"lang": "es", "value": "UPR-Kernel en Ubuntu Privacy Remix (UPR) anterior a v8.04_r1 incluye soporte para el kernel para la implementaci\u00f3n de arrays RAID, lo que permitir\u00eda a atacantes remotos evitar los mecanismo de aislamiento intencionados mediante la (1) lectura o (2) escritura de estos arrays."}], "lastModified": "2018-10-11T20:55:13.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:privacy-cd:unbuntu_privacy_remix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E17F73C-FA60-4275-A920-48E711390BB6", "versionEndIncluding": "8.04"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. It only affected the Ubuntu Privacy Remix (UPR) kernel.", "lastModified": "2008-12-09T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}