JVN/CVE Demo: Cveinfos

CVE

Id: 30717
CVE No.: CVE-2008-0600
Status: Candidate
Description: The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
Phase: Assigned (20080205)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
327251	30717	CVE-2008-0600	BUGTRAQ:20080212 rPSA-2008-0052-1 kernel	View
327252	30717	CVE-2008-0600	URL:http://www.securityfocus.com/archive/1/archive/1/488009/100/0/threaded	View
327253	30717	CVE-2008-0600	MILW0RM:5092	View
327254	30717	CVE-2008-0600	URL:http://www.milw0rm.com/exploits/5092	View
327255	30717	CVE-2008-0600	MLIST:[linux-kernel] 20080210 Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit	View
327256	30717	CVE-2008-0600	URL:http://marc.info/?l=linux-kernel&m=120264773202422&w=2	View
327257	30717	CVE-2008-0600	MLIST:[linux-kernel] 20080210 Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit	View
327258	30717	CVE-2008-0600	URL:http://marc.info/?l=linux-kernel&m=120263652322197&w=2	View
327259	30717	CVE-2008-0600	MLIST:[linux-kernel] 20080210 Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit	View
327260	30717	CVE-2008-0600	URL:http://marc.info/?l=linux-kernel&m=120264520431307&w=2	View
327261	30717	CVE-2008-0600	MLIST:[linux-kernel] 20080210 Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit	View
327262	30717	CVE-2008-0600	URL:http://marc.info/?l=linux-kernel&m=120266328220808&w=2	View
327263	30717	CVE-2008-0600	MLIST:[linux-kernel] 20080210 Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit	View
327264	30717	CVE-2008-0600	URL:http://marc.info/?l=linux-kernel&m=120266353621139&w=2	View
327265	30717	CVE-2008-0600	CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0052	View
327266	30717	CVE-2008-0600	CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0052	View
327267	30717	CVE-2008-0600	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=432229	View
327268	30717	CVE-2008-0600	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=432517	View
327269	30717	CVE-2008-0600	CONFIRM:https://issues.rpath.com/browse/RPL-2237	View
327270	30717	CVE-2008-0600	DEBIAN:DSA-1494	View
327271	30717	CVE-2008-0600	URL:http://www.debian.org/security/2008/dsa-1494	View
327272	30717	CVE-2008-0600	FEDORA:FEDORA-2008-1422	View
327273	30717	CVE-2008-0600	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html	View
327274	30717	CVE-2008-0600	FEDORA:FEDORA-2008-1423	View
327275	30717	CVE-2008-0600	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html	View
327276	30717	CVE-2008-0600	FEDORA:FEDORA-2008-1433	View
327277	30717	CVE-2008-0600	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00270.html	View
327278	30717	CVE-2008-0600	FEDORA:FEDORA-2008-1629	View
327279	30717	CVE-2008-0600	URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00485.html	View
327280	30717	CVE-2008-0600	MANDRIVA:MDVSA-2008:043	View
327281	30717	CVE-2008-0600	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:043	View
327282	30717	CVE-2008-0600	MANDRIVA:MDVSA-2008:044	View
327283	30717	CVE-2008-0600	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:044	View
327284	30717	CVE-2008-0600	REDHAT:RHSA-2008:0129	View
327285	30717	CVE-2008-0600	URL:http://www.redhat.com/support/errata/RHSA-2008-0129.html	View
327286	30717	CVE-2008-0600	SUSE:SUSE-SA:2008:007	View
327287	30717	CVE-2008-0600	URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00005.html	View
327288	30717	CVE-2008-0600	SUSE:SUSE-SA:2008:013	View
327289	30717	CVE-2008-0600	URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html	View
327290	30717	CVE-2008-0600	SUSE:SUSE-SA:2008:030	View
327291	30717	CVE-2008-0600	URL:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html	View
327292	30717	CVE-2008-0600	UBUNTU:USN-577-1	View
327293	30717	CVE-2008-0600	URL:http://www.ubuntu.com/usn/usn-577-1	View
327294	30717	CVE-2008-0600	BID:27704	View
327295	30717	CVE-2008-0600	URL:http://www.securityfocus.com/bid/27704	View
327296	30717	CVE-2008-0600	BID:27801	View
327297	30717	CVE-2008-0600	URL:http://www.securityfocus.com/bid/27801	View
327298	30717	CVE-2008-0600	OVAL:oval:org.mitre.oval:def:11358	View
327299	30717	CVE-2008-0600	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11358	View
327300	30717	CVE-2008-0600	VUPEN:ADV-2008-0487	View
327301	30717	CVE-2008-0600	URL:http://www.vupen.com/english/advisories/2008/0487/references	View
327302	30717	CVE-2008-0600	SECTRACK:1019393	View
327303	30717	CVE-2008-0600	URL:http://securitytracker.com/id?1019393	View
327304	30717	CVE-2008-0600	SECUNIA:28835	View
327305	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28835	View
327306	30717	CVE-2008-0600	SECUNIA:28858	View
327307	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28858	View
327308	30717	CVE-2008-0600	SECUNIA:28875	View
327309	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28875	View
327310	30717	CVE-2008-0600	SECUNIA:28896	View
327311	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28896	View
327312	30717	CVE-2008-0600	SECUNIA:28889	View
327313	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28889	View
327314	30717	CVE-2008-0600	SECUNIA:28912	View
327315	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28912	View
327316	30717	CVE-2008-0600	SECUNIA:28925	View
327317	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28925	View
327318	30717	CVE-2008-0600	SECUNIA:28933	View
327319	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28933	View
327320	30717	CVE-2008-0600	SECUNIA:28937	View
327321	30717	CVE-2008-0600	URL:http://secunia.com/advisories/28937	View
327322	30717	CVE-2008-0600	SECUNIA:29245	View
327323	30717	CVE-2008-0600	URL:http://secunia.com/advisories/29245	View
327324	30717	CVE-2008-0600	SECUNIA:30818	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
50128	JVNDB-2008-005438	XLight FTP Server の LDAP 認証機能におけるアクセス制限を回避される脆弱性	XLight FTP Server の LDAP 認証機能は、不特定の LDAP サーバと一緒に使用されている際、空白パスワードをチェックしないため、アクセス制限を回避される脆弱性が存在します。	CVE-2008-0604	30717	6.8		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005438.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.37 MB
View render complete	2.89 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	4.05
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	536.13
Event: Controller.beforeRender	4.98
» Processing toolbar data	4.89
Rendering View	23.80
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	22.33
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	1.02
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/30717
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/30717
Remote Port	35584
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	52.14.236.216
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=fcb2e05u6s7scodo7klhituff5
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	52.14.236.216
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	52.14.236.216
Unique Id	aB8L9w-DDTVQmnlX1A1DngAAATM
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	52.14.236.216
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	52.14.236.216
Redirect Unique Id	aB8L9w-DDTVQmnlX1A1DngAAATM
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	52.14.236.216
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	52.14.236.216
Redirect Redirect Unique Id	aB8L9w-DDTVQmnlX1A1DngAAATM
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1746865143.8792
Request Time	1746865143

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files