CVE-2008-3525

Table of Contents

Impact:
Important
Public Date:
2008-08-27
Bugzilla:
460401: CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()

The MITRE CVE dictionary describes this issue as:

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

Find out more about CVE-2008-3525 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (kernel) RHSA-2008:0973 2008-12-17
Red Hat Enterprise Linux 2.1 (kernel) RHSA-2009:0001 2009-01-08
Red Hat Enterprise Linux 2.1 (kernel) RHSA-2008:0787 2009-01-05
Last Modified

CVE description copyright © 2017, The MITRE Corporation