CVE

CVE-2009-2692

Date: (C)2009-08-14   (M)2017-09-22
 
CVSS Score: 7.2
Exploitability Subscore: 3.9
Impact Subscore: 10.0
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Reference:
EXPLOIT-DB-19933
http://www.securityfocus.com/archive/1/archive/1/505751/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505912/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
BID-36038
SECUNIA-36278
SECUNIA-36289
SECUNIA-36327
SECUNIA-36430
SECUNIA-37298
SECUNIA-37471
EXPLOIT-DB-9477
ADV-2009-2272
ADV-2009-3316
DSA-1865
MDVSA-2009:233
RHSA-2009:1222
RHSA-2009:1223
RHSA-2009:1233
SUSE-SR:2009:015
http://www.openwall.com/lists/oss-security/2009/08/14/1
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://support.avaya.com/css/P8/documents/100067254
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://zenthought.org/content/file/android-root-2009-08-16-source
https://bugzilla.redhat.com/show_bug.cgi?id=516949
https://issues.rpath.com/browse/RPL-3103

CPE    111
cpe:/o:linux:linux_kernel:2.6.30.2
cpe:/o:linux:linux_kernel:2.6.30.1
cpe:/o:linux:linux_kernel:2.6.30.4
cpe:/o:linux:linux_kernel:2.6.30
...
CWE    1
CWE-119
OVAL    27
oval:org.secpod.oval:def:600434
oval:org.mitre.oval:def:7970
oval:org.secpod.oval:def:700386
oval:org.mitre.oval:def:8131
...

© 2013 SecPod Technologies