Sid 1-15907

Message

OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt

Summary

Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.

Impact

CVSS base score 7.1

CVSS impact score 6.9

CVSS exploitability score 8.6

confidentialityImpact NONE

integrityImpact NONE

availabilityImpact NONE

CVE-2008-3276:

CVSS base score 7.1

CVSS impact score 6.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Detailed information

CVE-2008-3276: Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.

Affected systems

  • linux linux_kernel 2.6.17
  • linux linux_kernel 2.6.17.1
  • linux linux_kernel 2.6.17.2
  • linux linux_kernel 2.6.17.3
  • linux linux_kernel 2.6.17.4
  • linux linux_kernel 2.6.17.5
  • linux linux_kernel 2.6.17.6
  • linux linux_kernel 2.6.17.7
  • linux linux_kernel 2.6.17.8
  • linux linux_kernel 2.6.17.9
  • linux linux_kernel 2.6.17.10
  • linux linux_kernel 2.6.17.11
  • linux linux_kernel 2.6.17.12
  • linux linux_kernel 2.6.17.13
  • linux linux_kernel 2.6.17.14
  • linux linux_kernel 2.6.18
  • linux linux_kernel 2.6.18.1
  • linux linux_kernel 2.6.18.2
  • linux linux_kernel 2.6.18.3
  • linux linux_kernel 2.6.18.4
  • linux linux_kernel 2.6.18.5
  • linux linux_kernel 2.6.18.6
  • linux linux_kernel 2.6.18.7
  • linux linux_kernel 2.6.18.8
  • linux linux_kernel 2.6.19.0
  • linux linux_kernel 2.6.19.1
  • linux linux_kernel 2.6.19.2
  • linux linux_kernel 2.6.19.3
  • linux linux_kernel 2.6.19.4
  • linux linux_kernel 2.6.19.5
  • linux linux_kernel 2.6.19.6
  • linux linux_kernel 2.6.19.7
  • linux linux_kernel 2.6.20
  • linux linux_kernel 2.6.20.1
  • linux linux_kernel 2.6.20.2
  • linux linux_kernel 2.6.20.3
  • linux linux_kernel 2.6.20.4
  • linux linux_kernel 2.6.20.5
  • linux linux_kernel 2.6.20.6
  • linux linux_kernel 2.6.20.7
  • linux linux_kernel 2.6.20.8
  • linux linux_kernel 2.6.20.9
  • linux linux_kernel 2.6.20.10
  • linux linux_kernel 2.6.20.11
  • linux linux_kernel 2.6.20.12
  • linux linux_kernel 2.6.20.13
  • linux linux_kernel 2.6.20.14
  • linux linux_kernel 2.6.20.15
  • linux linux_kernel 2.6.20.16
  • linux linux_kernel 2.6.20.17
  • linux linux_kernel 2.6.20.18
  • linux linux_kernel 2.6.20.19
  • linux linux_kernel 2.6.20.20
  • linux linux_kernel 2.6.20.21
  • linux linux_kernel 2.6.21
  • linux linux_kernel 2.6.21.1
  • linux linux_kernel 2.6.21.2
  • linux linux_kernel 2.6.21.3
  • linux linux_kernel 2.6.21.4
  • linux linux_kernel 2.6.21.5
  • linux linux_kernel 2.6.21.6
  • linux linux_kernel 2.6.21.7
  • linux linux_kernel 2.6.22
  • linux linux_kernel 2.6.22.1
  • linux linux_kernel 2.6.22.2
  • linux linux_kernel 2.6.22.3
  • linux linux_kernel 2.6.22.4
  • linux linux_kernel 2.6.22.5
  • linux linux_kernel 2.6.22.6
  • linux linux_kernel 2.6.22.7
  • linux linux_kernel 2.6.22.8
  • linux linux_kernel 2.6.22.9
  • linux linux_kernel 2.6.22.10
  • linux linux_kernel 2.6.22.11
  • linux linux_kernel 2.6.22.12
  • linux linux_kernel 2.6.22.13
  • linux linux_kernel 2.6.22.14
  • linux linux_kernel 2.6.22.15
  • linux linux_kernel 2.6.22.16
  • linux linux_kernel 2.6.22.17
  • linux linux_kernel 2.6.22.18
  • linux linux_kernel 2.6.22.19
  • linux linux_kernel 2.6.23
  • linux linux_kernel 2.6.23.1
  • linux linux_kernel 2.6.23.2
  • linux linux_kernel 2.6.23.3
  • linux linux_kernel 2.6.23.4
  • linux linux_kernel 2.6.23.5
  • linux linux_kernel 2.6.23.6
  • linux linux_kernel 2.6.23.7
  • linux linux_kernel 2.6.23.8
  • linux linux_kernel 2.6.23.9
  • linux linux_kernel 2.6.23.10
  • linux linux_kernel 2.6.23.11
  • linux linux_kernel 2.6.23.12
  • linux linux_kernel 2.6.23.13
  • linux linux_kernel 2.6.23.14
  • linux linux_kernel 2.6.23.15
  • linux linux_kernel 2.6.23.16
  • linux linux_kernel 2.6.23.17
  • linux linux_kernel 2.6.24
  • linux linux_kernel 2.6.24.1
  • linux linux_kernel 2.6.24.2
  • linux linux_kernel 2.6.24.3
  • linux linux_kernel 2.6.24.4
  • linux linux_kernel 2.6.24.5
  • linux linux_kernel 2.6.24.6
  • linux linux_kernel 2.6.24.7
  • linux linux_kernel 2.6.25
  • linux linux_kernel 2.6.25.1
  • linux linux_kernel 2.6.25.2
  • linux linux_kernel 2.6.25.3
  • linux linux_kernel 2.6.25.4
  • linux linux_kernel 2.6.25.5
  • linux linux_kernel 2.6.25.6
  • linux linux_kernel 2.6.25.7
  • linux linux_kernel 2.6.25.8
  • linux linux_kernel 2.6.25.9
  • linux linux_kernel 2.6.25.10
  • linux linux_kernel 2.6.25.11
  • linux linux_kernel 2.6.25.12
  • linux linux_kernel 2.6.25.13
  • linux linux_kernel 2.6.25.14
  • linux linux_kernel 2.6.25.15
  • linux linux_kernel 2.6.26
  • linux linux_kernel 2.6.26.2

Ease of attack

CVE-2008-3276:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.