// For flags

CVE-2008-3525

kernel: missing capability checks in sbni_ioctl()

Severity Score

7.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

La función sbni_ioctl en drivers/net/wan/sbni.c del subsistema WAN en Linux kernel 2.6.26.3 no chequea la capacidad CAP_NET_ADMIN antes de procesar una petición ioctl (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, o (4) SIOCDEVEMANSIPATE, lo cual permite a usuarios locales evitar restricciones de capacidad intencionadas.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-08-07 CVE Reserved
  • 2008-09-03 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (35)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e X_refsource_confirm
http://secunia.com/advisories/32103 Third Party Advisory
http://secunia.com/advisories/32237 Third Party Advisory
http://secunia.com/advisories/32315 Third Party Advisory
http://secunia.com/advisories/32356 Third Party Advisory
http://secunia.com/advisories/32370 Third Party Advisory
http://secunia.com/advisories/32386 Third Party Advisory
http://secunia.com/advisories/32393 Third Party Advisory
http://secunia.com/advisories/32759 Third Party Advisory
http://secunia.com/advisories/33201 Third Party Advisory
http://secunia.com/advisories/33280 Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2008/08/29/2 Mailing List
http://www.securitytracker.com/id?1020969 Vdb Entry
http://www.vupen.com/english/advisories/2008/2511 Vdb Entry
http://www.vupen.com/english/advisories/2008/2714 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5671 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9364 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html 2023-02-13
http://www.debian.org/security/2008/dsa-1653 2023-02-13
http://www.debian.org/security/2008/dsa-1655 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:223 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0787.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0973.html 2023-02-13
http://www.ubuntu.com/usn/usn-659-1 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2008-3525 2009-01-08
https://bugzilla.redhat.com/show_bug.cgi?id=460401 2009-01-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.26.3
Search vendor "Linux" for product "Linux Kernel" and version "2.6.26.3"
-
Affected