CVE-2008-5701 - OpenCVE

Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.28:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.28:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.28:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.28:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.28:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.28:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.28:rc7::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=e807f9574e37a3f202e677feaaad1b7c5d2c0db8
http://openwall.com/lists/oss-security/2008/12/09/1
http://secunia.com/advisories/33078
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://www.debian.org/security/2009/dsa-1787
http://www.debian.org/security/2009/dsa-1794
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8
http://www.securityfocus.com/bid/32716
https://exchange.xforce.ibmcloud.com/vulnerabilities/47190

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-22T15:00:00

Updated: 2024-08-07T11:04:44.154Z

Reserved: 2008-12-22T00:00:00

Link: CVE-2008-5701

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-22T15:30:00.703

Modified: 2023-11-07T02:03:15.760

Link: CVE-2008-5701

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20081209 CVE request: kernel: MIPS: Fix potential DOS by untrusted user app", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2008/12/09/1"}, {"name": "linux-kernel-mips-dos(47190)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47190"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=e807f9574e37a3f202e677feaaad1b7c5d2c0db8"}, {"name": "DSA-1794", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1794"}, {"name": "33078", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33078"}, {"name": "35011", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35011"}, {"name": "34981", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34981"}, {"name": "32716", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32716"}, {"name": "DSA-1787", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1787"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5701", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20081209 CVE request: kernel: MIPS: Fix potential DOS by untrusted user app", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2008/12/09/1"}, {"name": "linux-kernel-mips-dos(47190)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47190"}, {"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=e807f9574e37a3f202e677feaaad1b7c5d2c0db8", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=e807f9574e37a3f202e677feaaad1b7c5d2c0db8"}, {"name": "DSA-1794", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1794"}, {"name": "33078", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33078"}, {"name": "35011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35011"}, {"name": "34981", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34981"}, {"name": "32716", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32716"}, {"name": "DSA-1787", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1787"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.154Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20081209 CVE request: kernel: MIPS: Fix potential DOS by untrusted user app", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2008/12/09/1"}, {"name": "linux-kernel-mips-dos(47190)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47190"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=e807f9574e37a3f202e677feaaad1b7c5d2c0db8"}, {"name": "DSA-1794", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1794"}, {"name": "33078", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33078"}, {"name": "35011", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35011"}, {"name": "34981", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34981"}, {"name": "32716", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32716"}, {"name": "DSA-1787", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1787"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5701", "datePublished": "2008-12-22T15:00:00", "dateReserved": "2008-12-22T00:00:00", "dateUpdated": "2024-08-07T11:04:44.154Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B5B312F-E76A-43E1-A73F-31535848D55B", "versionEndIncluding": "2.6.28", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*", "matchCriteriaId": "3463B83B-E46F-456E-98BA-801C59AEB337", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*", "matchCriteriaId": "C8A1A8F2-F892-4EDC-A5DA-1BBD6993E84E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*", "matchCriteriaId": "60EFBFAD-1AF4-49AC-A0E6-A88AB84CD919", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*", "matchCriteriaId": "05FD0767-03F3-416C-AB6D-6BC4A12220B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*", "matchCriteriaId": "8452D554-8DEB-4265-839C-6B40CCFB56B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:rc6:*:*:*:*:*:*", "matchCriteriaId": "94F445F9-57A5-4453-BB5D-290349C04A80", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:rc7:*:*:*:*:*:*", "matchCriteriaId": "62C97D20-4152-47C4-B21B-8206CF49E20A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table."}, {"lang": "es", "value": "Error de \u00edndice de array en arch/mips/kernel/scall64-o32.S en el kernel de Linux anterior a 2.6.28-rc8 en plataformas MIPS de 64 bits, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de una llamada al sistema 032 con un n\u00famero de llamada peque\u00f1o, esto provoca un intento de operaci\u00f3n de lectura fuera del rango de la tabla de la llamada al sistema."}], "id": "CVE-2008-5701", "lastModified": "2023-11-07T02:03:15.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-22T15:30:00.703", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=e807f9574e37a3f202e677feaaad1b7c5d2c0db8"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2008/12/09/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/33078"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/34981"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35011"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1787"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1794"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc8"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/32716"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47190"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the MIPS architecture.", "lastModified": "2009-05-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}