CVE-2008-5029

Publication date 10 November 2008

Last updated 24 July 2024

Ubuntu priority

The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

From the Ubuntu Security Team

It was discovered that the Unix Socket handler did not correctly process the SCM_RIGHTS message. A local attacker could make a malicious socket request that would crash the system, leading to a denial of service.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.10 intrepid	Fixed 2.6.27-9.19
	8.04 LTS hardy	Fixed 2.6.24-22.45
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-53.74
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 2.6.22-16.60
	6.06 LTS dapper	Not in release

Notes

kees

raised priority due to public PoC

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 1da177e, fixed by f8d570a

References

Related Ubuntu Security Notices (USN)

USN-679-1
Linux kernel vulnerabilities
27 November 2008