[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-2692

Date: (C)2009-08-14   (M)2017-11-18 


The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

CVSS Score: 7.2Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
EXPLOIT-DB-19933
http://www.securityfocus.com/archive/1/archive/1/505751/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505912/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
BID-36038
SECUNIA-36278
SECUNIA-36289
SECUNIA-36327
SECUNIA-36430
SECUNIA-37298
SECUNIA-37471
EXPLOIT-DB-9477
ADV-2009-2272
ADV-2009-3316
DSA-1865
MDVSA-2009:233
RHSA-2009:1222
RHSA-2009:1223
RHSA-2009:1233
SUSE-SR:2009:015
http://www.openwall.com/lists/oss-security/2009/08/14/1
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://support.avaya.com/css/P8/documents/100067254
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://zenthought.org/content/file/android-root-2009-08-16-source
https://bugzilla.redhat.com/show_bug.cgi?id=516949
https://issues.rpath.com/browse/RPL-3103

CPE    111
cpe:/o:linux:linux_kernel:2.6.11.2
cpe:/o:linux:linux_kernel:2.6.11.3
cpe:/o:linux:linux_kernel:2.6.11.4
cpe:/o:linux:linux_kernel:2.6.11.5
...
CWE    1
CWE-119
OVAL    27
oval:org.secpod.oval:def:500695
oval:org.secpod.oval:def:500616
oval:org.secpod.oval:def:500506
oval:org.secpod.oval:def:200331
...

© 2013 SecPod Technologies