CVE-2008-4395
published 2008-11-06CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a…
PriorityP340high8.3CVSS 2.0
AVAACLAuNCCICAC
EPSS
2.40%
82.0th percentile
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
| ubuntu | linux_kernel | <= 2.6.26 | — |
CVSS provenance
nvdv2.08.3HIGHAV:A/AC:L/Au:N/C:C/I:C/A:C
osv8.3HIGH
vendor_redhat8.3HIGH
vendor_ubuntu8.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Ubuntu kernel modules vulnerability
vendor_ubuntu·2008-11-06·CVSS 8.3
CVE-2008-4395 [HIGH] Ubuntu kernel modules vulnerability
Title: Ubuntu kernel modules vulnerability
Summary: Ubuntu kernel modules vulnerability
USN-662-1 fixed vulnerabilities in ndiswrapper in Ubuntu 8.10.
This update provides the corresponding updates for Ubuntu 8.04 and 7.10.
Original advisory details:
Anders Kaseorg discovered that ndiswrapper did not correctly handle long
ESSIDs. For a system using ndiswrapper, a physically near-by attacker
could generate specially crafted wireless network traffic and execute
arbitrary code with root privileges. (CVE-2008-4395)
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2008-11-05·CVSS 2.1
CVE-2008-3528 [LOW] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
It was discovered that the Linux kernel could be made to hang temporarily
when mounting corrupted ext2/3 filesystems. If a user were tricked into
mounting a specially crafted filesystem, a remote attacker could cause
system hangs, leading to a denial of service. (CVE-2008-3528)
Anders Kaseorg discovered that ndiswrapper did not correctly handle long
ESSIDs. For a system using ndiswrapper, a physically near-by attacker
could generate specially crafted wireless network traffic and execute
arbitrary code with root privileges. (CVE-2008-4395)
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Red Hat
CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1
vendor_redhat·CVSS 8.3
CVE-2008-4395 [HIGH] CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
Statement: Not vulnerable. ndiswrapper is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
GHSA
GHSA-cfmc-g2m2-7ffx: Multiple buffer overflows in the ndiswrapper module 1
ghsa_unreviewed·2022-05-02
CVE-2008-4395 [HIGH] CWE-119 GHSA-cfmc-g2m2-7ffx: Multiple buffer overflows in the ndiswrapper module 1
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
OSV
CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1
osv·2008-11-06·CVSS 8.3
CVE-2008-4395 [HIGH] CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.gentoo.org/show_bug.cgi?id=239371http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git%3Ba=commitdiff%3Bh=49945b423c2f7e33b4c579ca460df6a806ee8f9fhttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.htmlhttp://secunia.com/advisories/32509http://www.mail-archive.com/frugalware-git%40frugalware.org/msg22366.htmlhttp://www.securityfocus.com/bid/32118http://www.securitytracker.com/id?1021142http://www.ubuntu.com/usn/usn-662-1http://www.ubuntu.com/usn/usn-662-2https://bugs.launchpad.net/bugs/cve/2008-4395https://bugs.launchpad.net/ubuntu/+source/linux/+bug/275860https://exchange.xforce.ibmcloud.com/vulnerabilities/46437http://bugs.gentoo.org/show_bug.cgi?id=239371http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git%3Ba=commitdiff%3Bh=49945b423c2f7e33b4c579ca460df6a806ee8f9fhttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00001.htmlhttp://secunia.com/advisories/32509http://www.mail-archive.com/frugalware-git%40frugalware.org/msg22366.htmlhttp://www.securityfocus.com/bid/32118http://www.securitytracker.com/id?1021142http://www.ubuntu.com/usn/usn-662-1http://www.ubuntu.com/usn/usn-662-2https://bugs.launchpad.net/bugs/cve/2008-4395https://bugs.launchpad.net/ubuntu/+source/linux/+bug/275860https://exchange.xforce.ibmcloud.com/vulnerabilities/46437
2008-11-06
Published