[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-2692Date: (C)2009-08-14   (M)2018-06-20


The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.2
Exploit Score: Exploit Score: 3.9
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: LOCAL
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
EXPLOIT-DB-19933
http://www.securityfocus.com/archive/1/archive/1/505751/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505912/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
BID-36038
SECUNIA-36278
SECUNIA-36289
SECUNIA-36327
SECUNIA-36430
SECUNIA-37298
SECUNIA-37471
EXPLOIT-DB-9477
ADV-2009-2272
ADV-2009-3316
DSA-1865
MDVSA-2009:233
RHSA-2009:1222
RHSA-2009:1223
RHSA-2009:1233
SUSE-SR:2009:015
http://www.openwall.com/lists/oss-security/2009/08/14/1
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://support.avaya.com/css/P8/documents/100067254
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://zenthought.org/content/file/android-root-2009-08-16-source
https://bugzilla.redhat.com/show_bug.cgi?id=516949
https://issues.rpath.com/browse/RPL-3103

CPE    111
cpe:/o:linux:linux_kernel:2.6.16
cpe:/o:linux:linux_kernel:2.6.15
cpe:/o:linux:linux_kernel:2.6.14
cpe:/o:linux:linux_kernel:2.6.13
...
CWE    1
CWE-119
OVAL    27
oval:org.secpod.oval:def:600434
oval:org.mitre.oval:def:7970
oval:org.secpod.oval:def:700386
oval:org.mitre.oval:def:8131
...

© SecPod Technologies