Vulnerabilities > CVE-2008-3832 - Resource Management Errors vulnerability in Redhat Fedora 8/9

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

redhat

CWE-399

exploit available

NVD

Published: 2008-10-03

Updated: 2023-02-13

Summary

A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.

Vulnerable Configurations

Part	Description	Count
OS	Redhat Redhat Fedora 8 Redhat Fedora 9	2
OS	Linux Linux Linux Kernel * Linux Linux Kernel 2.2.27 Linux Linux Kernel 2.4.36 Linux Linux Kernel 2.4.36.1 Linux Linux Kernel 2.4.36.2 Linux Linux Kernel 2.4.36.3 Linux Linux Kernel 2.4.36.4 Linux Linux Kernel 2.4.36.5 Linux Linux Kernel 2.4.36.6 Linux Linux Kernel 2.6 Linux Linux Kernel 2.6.18 Linux Linux Kernel 2.6.19.4 Linux Linux Kernel 2.6.19.5 Linux Linux Kernel 2.6.19.6 Linux Linux Kernel 2.6.19.7 Linux Linux Kernel 2.6.20.16 Linux Linux Kernel 2.6.20.17 Linux Linux Kernel 2.6.20.18 Linux Linux Kernel 2.6.20.19 Linux Linux Kernel 2.6.20.20 Linux Linux Kernel 2.6.20.21 Linux Linux Kernel 2.6.21.5 Linux Linux Kernel 2.6.21.6 Linux Linux Kernel 2.6.21.7 Linux Linux Kernel 2.6.22 Linux Linux Kernel 2.6.22.1 Linux Linux Kernel 2.6.22.2 Linux Linux Kernel 2.6.22.8 Linux Linux Kernel 2.6.22.9 Linux Linux Kernel 2.6.22.10 Linux Linux Kernel 2.6.22.11 Linux Linux Kernel 2.6.22.12 Linux Linux Kernel 2.6.22.13 Linux Linux Kernel 2.6.22.14 Linux Linux Kernel 2.6.22.15 Linux Linux Kernel 2.6.22.17 Linux Linux Kernel 2.6.22.18 Linux Linux Kernel 2.6.22.19 Linux Linux Kernel 2.6.22.20 Linux Linux Kernel 2.6.22.21 Linux Linux Kernel 2.6.22.22 Linux Linux Kernel 2.6.22_Rc1 Linux Linux Kernel 2.6.22_Rc7 Linux Linux Kernel 2.6.23 Linux Linux Kernel 2.6.24 Linux Linux Kernel 2.6.25 Linux Linux Kernel 2.6.26 Linux Linux Kernel 2.6.26.1 Linux Linux Kernel 2.6.26.2 Linux Linux Kernel 2.6.26.3 Linux Linux Kernel 2.6.23.8 Linux Linux Kernel 2.6.23.9 Linux Linux Kernel 2.6.23.10 Linux Linux Kernel 2.6.23.11 Linux Linux Kernel 2.6.23.12 Linux Linux Kernel 2.6.23.13 Linux Linux Kernel 2.6.23.15 Linux Linux Kernel 2.6.23.16 Linux Linux Kernel 2.6.23.17	66

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	Fedora 8/9 Linux Kernel 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability. CVE-2008-3832. Dos exploit for linux platform
id	EDB-ID:32451
last seen	2016-02-03
modified	2008-10-02
published	2008-10-02
reporter	Michael Simms
source	https://www.exploit-db.com/download/32451/
title	Fedora 8/9 Linux Kernel 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability

Seebug

bulletinFamily	exploit
description	CVE: CVE-2008-3832 Fedora 8 and 9 Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. Note that this issue does not affect upstream kernel versions. Only the following Fedora distributions are affected: Fedora 8 prior to kernel-2.6.26.5-28 Fedora 9 prior to kernel-2.6.26.5-45 RedHat Fedora 9 0 RedHat Fedora 8 0 Updates are available. Please see the references for more information.
id	SSV:4140
last seen	2017-11-19
modified	2008-10-04
published	2008-10-04
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-4140
title	Fedora 8/9 Linux Kernel 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability

Statements

contributor	Joshua Bressers
lastmodified	2017-08-07
organization	Red Hat
statement	Not vulnerable. This issue did not affect the version of utrace as shipped with the Red Hat Enterprise Linux 5 kernel.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Seebug

Statements

References