QwikSec

Security Database

CVE

CWE

Training

CVE-2008-3525

Published: Sep 3, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SA:2008:047

vendor-advisory

x_refsource_SUSE

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2455eb176ac87081bbfc9a44b21c7cd2bc1967e

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20080829 CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_MANDRIVA

SUSE-SA:2008:052

vendor-advisory

x_refsource_SUSE

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

SUSE-SA:2008:053

vendor-advisory

x_refsource_SUSE

FEDORA-2008-8929

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

SUSE-SA:2008:051

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

FEDORA-2008-8980

vendor-advisory

x_refsource_FEDORA

oval:org.mitre.oval:def:9364

vdb-entry

signature

x_refsource_OVAL

SUSE-SA:2008:049

vendor-advisory

x_refsource_SUSE

SUSE-SR:2008:025

vendor-advisory

x_refsource_SUSE

oval:org.mitre.oval:def:5671

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.