CVE-2008-5029
Published: 10 November 2008
The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.
From the Ubuntu Security Team
It was discovered that the Unix Socket handler did not correctly process the SCM_RIGHTS message. A local attacker could make a malicious socket request that would crash the system, leading to a denial of service.
Notes
| Author | Note |
|---|---|
| kees | raised priority due to public PoC |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Does not exist
|
|
| hardy |
Released
(2.6.24-22.45)
|
|
| intrepid |
Released
(2.6.27-9.19)
|
|
| upstream |
Released
(2.6.28~rc4)
|
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-53.74)
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Released
(2.6.28~rc4)
|
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Released
(2.6.22-16.60)
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| upstream |
Released
(2.6.28~rc4)
|
|