CVE-2008-5029

Published: 10 November 2008

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

From the Ubuntu security team

It was discovered that the Unix Socket handler did not correctly process the SCM_RIGHTS message. A local attacker could make a malicious socket request that would crash the system, leading to a denial of service.

Notes

Author: kees
Note: raised priority due to public PoC

Priority

Medium

Status

Package: linux
  Release    Status
  dapper     Does not exist
  gutsy      Does not exist
  hardy      Released (2.6.24-22.45)
  intrepid   Released (2.6.27-9.19)
  upstream   Released (2.6.28~rc4)
  Patches:
    Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
    Fixed by f8d570a4745835f2238a33b537218a1bb03fc671

Package: linux-source-2.6.15
  Release    Status
  dapper     Released (2.6.15-53.74)
  gutsy      Does not exist
  hardy      Does not exist
  intrepid   Does not exist
  upstream   Released (2.6.28~rc4)

Package: linux-source-2.6.22
  Release    Status
  dapper     Does not exist
  gutsy      Released (2.6.22-16.60)
  hardy      Does not exist
  intrepid   Does not exist
  upstream   Released (2.6.28~rc4)