CVE-2008-3525 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3525
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3525

Description: The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-659-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html ST 1020969 SAID Secunia Advisory: SA32393 Secunia Advisory: SA32386 Secunia Advisory: SA32759 Secunia Advisory: SA33201 Secunia Advisory: SA32103 Secunia Advisory: SA33280 Secunia Advisory: SA32237 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0787.html http://www.redhat.com/support/errata/RHSA-2008-0973.html MLIST http://www.openwall.com/lists/oss-security/2008/08/29/2 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:223 http://www.mandriva.com/security/advisories?name=MDVSA-2008:220 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1655 http://www.debian.org/security/2008/dsa-1653 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7

Return to the previous page.