CVE-2008-1669
Vulnerability Summary
Timeline
Description
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
CVSS Metrics
- v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.12%• Percentile: 30%
Techniques & Countermeasures
- CWE-94•Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Affected Systems
- linux•linux_kernel
2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.1:rc3 | 2.6.2 | 2.6.2:rc1 | 2.6.2:rc2 | 2.6.2:rc3 | 2.6.3 | 2.6.3:rc1 | 2.6.3:rc2 | 2.6.3:rc3 | 2.6.3:rc4 | 2.6.4 | 2.6.4:rc1 | 2.6.4:rc2 | 2.6.4:rc3 | 2.6.5 | 2.6.5:rc1 | 2.6.5:rc2 | 2.6.5:rc3 | 2.6.6 | 2.6.6:rc1 | 2.6.6:rc2 | 2.6.6:rc3 | 2.6.7 | 2.6.7:rc1 | 2.6.7:rc2 | 2.6.7:rc3 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.8:rc4 | 2.6.8.1 | 2.6.8.1.5 | 2.6.9 | 2.6.9:rc1 | 2.6.9:rc2 | 2.6.9:rc3 | 2.6.9:rc4 | 2.6.10 | 2.6.10:rc1 | 2.6.10:rc2 | 2.6.10:rc3 | 2.6.11 | 2.6.11:rc1 | 2.6.11:rc2 | 2.6.11:rc3 | 2.6.11:rc4 | 2.6.11:rc5 | 2.6.11.1 | 2.6.11.2 | 2.6.11.3 | 2.6.11.4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11.9 | 2.6.11.10 | 2.6.11.11 | 2.6.11.12 | 2.6.11_rc1_bk6 | 2.6.12 | 2.6.12:rc1 | 2.6.12:rc2 | 2.6.12:rc3 | 2.6.12:rc4 | 2.6.12:rc5 | 2.6.12:rc6 | 2.6.12.1 | 2.6.12.2 | 2.6.12.3 | 2.6.12.4 | 2.6.12.5 | 2.6.12.6 | 2.6.12.12 | 2.6.12.22 | 2.6.13 | 2.6.13:rc1 | 2.6.13:rc2 | 2.6.13:rc3 | 2.6.13:rc4 | 2.6.13:rc5 | 2.6.13:rc6 | 2.6.13:rc7 | 2.6.13.1 | 2.6.13.2 | 2.6.13.3 | 2.6.13.4 | 2.6.13.5 | 2.6.14 | 2.6.14:rc1 | 2.6.14:rc2 | 2.6.14:rc3 | 2.6.14:rc4 | 2.6.14:rc5 | 2.6.14.1 | 2.6.14.2 | 2.6.14.3 | 2.6.14.4 | 2.6.14.5 | 2.6.14.6 | 2.6.14.7 | 2.6.15 | 2.6.15:rc1 | 2.6.15:rc2 | 2.6.15:rc3 | 2.6.15:rc4 | 2.6.15:rc5 | 2.6.15:rc6 | 2.6.15:rc7 | 2.6.15.1 | 2.6.15.2 | 2.6.15.3 | 2.6.15.4 | 2.6.15.5 | 2.6.15.6 | 2.6.15.7 | 2.6.15.11 | 2.6.16 | 2.6.16:rc1 | 2.6.16:rc2 | 2.6.16:rc3 | 2.6.16:rc4 | 2.6.16:rc5 | 2.6.16:rc6 | 2.6.16.1 | 2.6.16.2 | 2.6.16.3 | 2.6.16.4 | 2.6.16.5 | 2.6.16.6 | 2.6.16.7 | 2.6.16.8 | 2.6.16.9 | 2.6.16.10 | 2.6.16.11 | 2.6.16.12 | 2.6.16.13 | 2.6.16.14 | 2.6.16.15 | 2.6.16.16 | 2.6.16.17 | 2.6.16.18 | 2.6.16.19 | 2.6.16.20 | 2.6.16.21 | 2.6.16.22 | 2.6.16.23 | 2.6.16.24 | 2.6.16.25 | 2.6.16.26 | 2.6.16.27 | 2.6.16.28 | 2.6.16.29 | 2.6.16.30 | 2.6.16.31 | 2.6.16.32 | 2.6.16.33 | 2.6.16.34 | 2.6.16.35 | 2.6.16.36 | 2.6.16.37 | 2.6.16.38 | 2.6.16.39 | 2.6.16.40 | 2.6.16.41 | 2.6.16.43 | 2.6.16.44 | 2.6.16.45 | 2.6.16.46 | 2.6.16.47 | 2.6.16.48 | 2.6.16.49 | 2.6.16.50 | 2.6.16.51 | 2.6.16.52 | 2.6.16.53 | 2.6.16_rc7 | 2.6.17 | 2.6.17:rc1 | 2.6.17:rc2 | 2.6.17:rc3 | 2.6.17:rc4 | 2.6.17:rc5 | 2.6.17:rc6 | 2.6.17.1 | 2.6.17.2 | 2.6.17.3 | 2.6.17.4 | 2.6.17.5 | 2.6.17.6 | 2.6.17.7 | 2.6.17.8 | 2.6.17.9 | 2.6.17.10 | 2.6.17.11 | 2.6.17.12 | 2.6.17.13 | 2.6.17.14 | 2.6.18 | 2.6.18:rc1 | 2.6.18:rc2 | 2.6.18:rc3 | 2.6.18:rc4 | 2.6.18:rc5 | 2.6.18:rc6 | 2.6.18:rc7 | 2.6.18.1 | 2.6.18.2 | 2.6.18.3 | 2.6.18.4 | 2.6.18.5 | 2.6.18.6 | 2.6.18.7 | 2.6.18.8 | 2.6.19 | 2.6.19:rc1 | 2.6.19:rc2 | 2.6.19:rc3 | 2.6.19:rc4 | 2.6.19.1 | 2.6.19.2 | 2.6.19.3 | 2.6.20 | 2.6.20:rc2 | 2.6.20.1 | 2.6.20.2 | 2.6.20.3 | 2.6.20.4 | 2.6.20.5 | 2.6.20.6 | 2.6.20.7 | 2.6.20.8 | 2.6.20.9 | 2.6.20.10 | 2.6.20.11 | 2.6.20.12 | 2.6.20.13 | 2.6.20.14 | 2.6.20.15 | 2.6.21 | 2.6.21:git1 | 2.6.21:git2 | 2.6.21:git3 | 2.6.21:git4 | 2.6.21:git5 | 2.6.21:git6 | 2.6.21:git7 | 2.6.21:rc3 | 2.6.21:rc4 | 2.6.21:rc5 | 2.6.21:rc6 | 2.6.21:rc7 | 2.6.21.1 | 2.6.21.2 | 2.6.21.3 | 2.6.21.4 | 2.6.22 | 2.6.22:rc6 | 2.6.22.1 | 2.6.22.3 | 2.6.22.4 | 2.6.22.5 | 2.6.22.6 | 2.6.22.7 | 2.6.22.16 | 2.6.23 | 2.6.23:rc1 | 2.6.23:rc2 | 2.6.23.1 | 2.6.23.2 | 2.6.23.3 | 2.6.23.4 | 2.6.23.5 | 2.6.23.6 | 2.6.23.7 | 2.6.23.9 | 2.6.23.14 | 2.6.24 | 2.6.24:rc2 | 2.6.24:rc3 | 2.6.24.1 | 2.6.24.2 | 2.6.24.3 | 2.6.24.4 | 2.6.24.5 | 2.6.25 | 2.6.25.1 | 2.6_test9_cvs
References (45)
- http://secunia.com/advisories/30276
- http://secunia.com/advisories/30962
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
- http://www.securityfocus.com/archive/1/491740/100/0/threaded
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.2
- https://issues.rpath.com/browse/RPL-2518
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
- http://www.redhat.com/support/errata/RHSA-2008-0237.html
- http://www.vupen.com/english/advisories/2008/1451/references
- http://www.vupen.com/english/advisories/2008/1452/references
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
- http://www.ubuntu.com/usn/usn-618-1
- http://secunia.com/advisories/30982
- http://www.securityfocus.com/bid/29076
- http://secunia.com/advisories/30116
- http://www.redhat.com/support/errata/RHSA-2008-0233.html
- http://secunia.com/advisories/30110
- http://www.debian.org/security/2008/dsa-1575
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10065
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html
- http://www.vupen.com/english/advisories/2008/2222/references
- http://secunia.com/advisories/30515
- https://usn.ubuntu.com/614-1/
- http://www.securitytracker.com/id?1019974
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://secunia.com/advisories/30101
- http://secunia.com/advisories/30164
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0162
- http://secunia.com/advisories/30108
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4
- http://secunia.com/advisories/30252
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00357.html
- http://www.redhat.com/support/errata/RHSA-2008-0211.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html
- http://secunia.com/advisories/30769
- http://secunia.com/advisories/30077
- http://lists.vmware.com/pipermail/security-announce/2008/000023.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42242
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:104
- http://secunia.com/advisories/30260
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
- http://secunia.com/advisories/31246
- http://secunia.com/advisories/30818
- http://secunia.com/advisories/30112
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html