Home > Vulnerability Database > CVE-2008-2365

Mend.io Vulnerability Database

CVE-2008-2365

Date: June 30, 2008

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

Severity Score

5.1

Related Resources (21)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/43567

Url: http://www.openwall.com/lists/oss-security/2008/06/26/1

Url: http://www.securitytracker.com/id?1020362

Url: https://access.redhat.com/security/cve/CVE-2008-2365

Url: https://bugzilla.redhat.com/show_bug.cgi?id=449359

Url: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=5ecfbae093f0c37311e89b29bfc0c9d586eace87

Url: http://secunia.com/advisories/31107

Url: http://www.securityfocus.com/bid/29945

Url: http://secunia.com/advisories/30850

Url: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f358166a9405e4f1d8e50d8f415c26d95505b6de

Url: http://www.openwall.com/lists/oss-security/2008/07/14/1

Url: http://www.ubuntu.com/usn/usn-625-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10749

Url: http://rhn.redhat.com/errata/RHSA-2008-0508.html

Url: http://securityreason.com/securityalert/3965

Url: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f5b40e363ad6041a96e3da32281d8faa191597b9

Url: http://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-2365

Url: http://marc.info/?l=linux-kernel&m=117863520707703&w=2

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-2365

Url: https://www.mend.io/vulnerability-database/CVE-2008-2365

Severity Score

5.1

Weakness Type (CWE)

Race Conditions

CWE-362

CVSS v3.1

Base Score:	5.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.7
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-2365

Date: June 30, 2008

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?