CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2008-1375

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
Publish Date : 2008-05-02 Last Update Date : 2020-08-26

- CVSS Scores & Vulnerability Types

CVSS Score: 6.9
Confidentiality Impact: Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact: Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact: Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity: Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s): Denial Of Service, Gain privileges
CWE ID: 362

- Additional Vendor Supplied Data

Vendor | Impact | CVSS Score | CVSS Vector | Report Date | Publish Date
Redhat | important | | | 2008-03-31 | 2008-05-01

- Related OVAL Definitions

Title | Definition Id | Class | Family
CVE-2008-1375 | oval:org.opensuse.security:def:20081375 | | unix
DSA-1565 linux-2.6 -- several vulnerabilities | oval:org.mitre.oval:def:7816 | | unix
DSA-1565-1 linux-2.6 - several vulnerabilities | oval:org.mitre.oval:def:19757 | | unix
ELSA-2008:0233: kernel security and bug fix update (Important) | oval:org.mitre.oval:def:21800 | | unix
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 befor... | oval:org.mitre.oval:def:11843 | | unix
RHSA-2008:0211: kernel security and bug fix update (Important) | oval:com.redhat.rhsa:def:20080211 | | unix
RHSA-2008:0233: kernel security and bug fix update (Important) | oval:com.redhat.rhsa:def:20080233 | | unix
RHSA-2008:0237: kernel security and bug fix update (Important) | oval:com.redhat.rhsa:def:20080237 | | unix
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2008-1375

# | Product Type | Vendor | Product | Version | Update | Edition | Language
1 | OS | Canonical | Ubuntu Linux | 6.06 | * | * | *
2 | OS | Canonical | Ubuntu Linux | 7.04 | * | * | *
3 | OS | Canonical | Ubuntu Linux | 7.10 | * | * | *
4 | OS | Canonical | Ubuntu Linux | 8.04 | * | * | *
5 | OS | Debian | Debian Linux | 4.0 | * | * | *
6 | OS | Fedoraproject | Fedora | 8 | * | * | *
7 | OS | Linux | Linux Kernel | * | * | * | *
8 | OS | Linux | Linux Kernel | 2.6.25 | * | * | *
9 | OS | Opensuse | Opensuse | 10.2 | * | * | *
10 | OS | Opensuse | Opensuse | 10.3 | * | * | *
11 | OS | Suse | Linux Enterprise Desktop | 10 | SP1 | * | *
12 | OS | Suse | Linux Enterprise Server | 9 | * | * | *
13 | OS | Suse | Linux Enterprise Server | 10 | SP1 | * | *
14 | OS | Suse | Linux Enterprise Software Development Kit | 10 | SP1 | * | *

- Number Of Affected Versions By Product

Vendor | Product | Vulnerable Versions
Canonical | Ubuntu Linux | 4
Debian | Debian Linux | 1
Fedoraproject | Fedora | 1
Linux | Linux Kernel | 2
Opensuse | Opensuse | 2
Suse | Linux Enterprise Desktop | 1
Suse | Linux Enterprise Server | 2
Suse | Linux Enterprise Software Development Kit | 1

- References For CVE-2008-1375

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
SUSE SUSE-SA:2008:032
http://marc.info/?l=linux-kernel&m=120967963803205&w=2
MLIST [linux-kernel] 20080501 Linux 2.6.24.6
http://www.debian.org/security/2008/dsa-1565
DEBIAN DSA-1565
http://www.mandriva.com/security/advisories?name=MDVSA-2008:104
MANDRIVA MDVSA-2008:104
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
MLIST [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
http://secunia.com/advisories/30962
SECUNIA 30962
http://secunia.com/advisories/31246
SECUNIA 31246
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
SUSE SUSE-SA:2008:031
http://secunia.com/advisories/30890
SECUNIA 30890
http://www.ubuntu.com/usn/usn-618-1
UBUNTU USN-618-1
http://secunia.com/advisories/30818
SECUNIA 30818
http://secunia.com/advisories/30769
SECUNIA 30769
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
MANDRIVA MDVSA-2008:167
http://secunia.com/advisories/30515
SECUNIA 30515
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
SUSE SUSE-SA:2008:030
http://secunia.com/advisories/30260
SECUNIA 30260
http://secunia.com/advisories/30108
SECUNIA 30108
http://www.redhat.com/support/errata/RHSA-2008-0211.html
REDHAT RHSA-2008:0211
http://secunia.com/advisories/30017
SECUNIA 30017
http://secunia.com/advisories/30044
SECUNIA 30044
https://issues.rpath.com/browse/RPL-2501 CONFIRM
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4 CONFIRM
http://www.securityfocus.com/bid/29003
BID 29003 Linux Kernel 'dnotify.c' Local Race Condition Vulnerability Release Date:2015-04-16
http://www.securitytracker.com/id?1019959
SECTRACK 1019959
http://www.redhat.com/support/errata/RHSA-2008-0237.html
REDHAT RHSA-2008:0237
http://www.redhat.com/support/errata/RHSA-2008-0233.html
REDHAT RHSA-2008:0233
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html
FEDORA FEDORA-2008-3873
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
MANDRIVA MDVSA-2008:105
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1 CONFIRM
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157 CONFIRM
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6 CONFIRM
http://marc.info/?l=linux-kernel&m=120967964303224&w=2
MLIST [linux-kernel] 20080501 Linux 2.6.25.1
http://wiki.rpath.com/Advisories:rPSA-2008-0157 CONFIRM
http://secunia.com/advisories/30018
SECUNIA 30018
http://secunia.com/advisories/30110
SECUNIA 30110
http://secunia.com/advisories/30116
SECUNIA 30116
http://secunia.com/advisories/30112
SECUNIA 30112
http://www.vupen.com/english/advisories/2008/1452/references
VUPEN ADV-2008-1452
http://www.vupen.com/english/advisories/2008/2222/references
VUPEN ADV-2008-2222
http://www.vupen.com/english/advisories/2008/1406/references
VUPEN ADV-2008-1406
https://exchange.xforce.ibmcloud.com/vulnerabilities/42131
XF linux-kernel-dnotify-privilege-escalation(42131)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843
OVAL oval:org.mitre.oval:def:11843
https://usn.ubuntu.com/614-1/
UBUNTU USN-614-1
http://www.securityfocus.com/archive/1/491732/100/0/threaded
BUGTRAQ 20080507 rPSA-2008-0157-1 kernel
http://www.securityfocus.com/archive/1/491566/100/0/threaded
BUGTRAQ 20080502 rPSA-2008-0157-1 kernel

- Metasploit Modules Related To CVE-2008-1375

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
