JVN/CVE Demo: Cveinfos

CVE

Id: 34562
CVE No.: CVE-2008-4445
Status: Candidate
Description: The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.
Phase: Assigned (20081006)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
378561	34562	CVE-2008-4445	MLIST:[linux-sctp] 20080827 [PATCH 0/2] sctp: additional overflow fixes	View
378562	34562	CVE-2008-4445	URL:http://marc.info/?l=linux-sctp&m=121986743009093&w=2	View
378563	34562	CVE-2008-4445	MLIST:[linux-sctp] 20080827 [PATCH 2/2] sctp: fix random memory dereference with SCTP_HMAC_IDENT option.	View
378564	34562	CVE-2008-4445	URL:http://marc.info/?l=linux-sctp&m=121986743209110&w=2	View
378565	34562	CVE-2008-4445	MLIST:[oss-security] 20080925 CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option	View
378566	34562	CVE-2008-4445	URL:http://www.openwall.com/lists/oss-security/2008/09/24/9	View
378567	34562	CVE-2008-4445	MLIST:[oss-security] 20080926 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option	View
378568	34562	CVE-2008-4445	URL:http://www.openwall.com/lists/oss-security/2008/09/26/6	View
378569	34562	CVE-2008-4445	MLIST:[oss-security] 20080927 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option	View
378570	34562	CVE-2008-4445	URL:http://www.openwall.com/lists/oss-security/2008/09/27/1	View
378571	34562	CVE-2008-4445	MLIST:[oss-security] 20080929 Re: CVE-2008-4113 update: kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option	View
378572	34562	CVE-2008-4445	URL:http://www.openwall.com/lists/oss-security/2008/09/29/4	View
378573	34562	CVE-2008-4445	CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=d97240552cd98c4b07322f30f66fd9c3ba4171de	View
378574	34562	CVE-2008-4445	CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4	View
378575	34562	CVE-2008-4445	DEBIAN:DSA-1655	View
378576	34562	CVE-2008-4445	URL:http://www.debian.org/security/2008/dsa-1655	View
378577	34562	CVE-2008-4445	MANDRIVA:MDVSA-2008:223	View
378578	34562	CVE-2008-4445	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:223	View
378579	34562	CVE-2008-4445	REDHAT:RHSA-2008:0857	View
378580	34562	CVE-2008-4445	URL:http://www.redhat.com/support/errata/RHSA-2008-0857.html	View
378581	34562	CVE-2008-4445	SUSE:SUSE-SA:2008:053	View
378582	34562	CVE-2008-4445	URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00010.html	View
378583	34562	CVE-2008-4445	UBUNTU:USN-659-1	View
378584	34562	CVE-2008-4445	URL:http://www.ubuntu.com/usn/usn-659-1	View
378585	34562	CVE-2008-4445	BID:31121	View
378586	34562	CVE-2008-4445	URL:http://www.securityfocus.com/bid/31121	View
378587	34562	CVE-2008-4445	SECTRACK:1021001	View
378588	34562	CVE-2008-4445	URL:http://www.securitytracker.com/id?1021001	View
378589	34562	CVE-2008-4445	SECUNIA:32190	View
378590	34562	CVE-2008-4445	URL:http://secunia.com/advisories/32190	View
378591	34562	CVE-2008-4445	SECUNIA:32393	View
378592	34562	CVE-2008-4445	URL:http://secunia.com/advisories/32393	View
378593	34562	CVE-2008-4445	SECUNIA:32315	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
49618	JVNDB-2008-004928	mIRC におけるスタックベースのバッファオーバーフローの脆弱性	mIRC には、スタックベースのバッファオーバーフローの脆弱性が存在します。	CVE-2008-4449	34562	9.3		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004928.html	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.30 MB
View render complete	2.76 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.83
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	477.90
Event: Controller.beforeRender	4.46
» Processing toolbar data	4.38
Rendering View	10.74
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	9.85
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.48
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.08
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/34562
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/34562
Remote Port	60179
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.148.250.110
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.148.250.110
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.148.250.110
Unique Id	aB1KEJ2at2BfQuim_V9Y7wAAAVQ
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.148.250.110
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.148.250.110
Redirect Unique Id	aB1KEJ2at2BfQuim_V9Y7wAAAVQ
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.148.250.110
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.148.250.110
Redirect Redirect Unique Id	aB1KEJ2at2BfQuim_V9Y7wAAAVQ
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1746749968.8222
Request Time	1746749968

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files