4.9

CVE-2005-4881

The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.4.1
LinuxLinux Kernel Version2.4.2
LinuxLinux Kernel Version2.4.3
LinuxLinux Kernel Version2.4.4
LinuxLinux Kernel Version2.4.5
LinuxLinux Kernel Version2.4.6
LinuxLinux Kernel Version2.4.7
LinuxLinux Kernel Version2.4.8
LinuxLinux Kernel Version2.4.9
LinuxLinux Kernel Version2.4.10
LinuxLinux Kernel Version2.4.11
LinuxLinux Kernel Version2.4.12
LinuxLinux Kernel Version2.4.13
LinuxLinux Kernel Version2.4.14
LinuxLinux Kernel Version2.4.15
LinuxLinux Kernel Version2.4.16
LinuxLinux Kernel Version2.4.17
LinuxLinux Kernel Version2.4.18
LinuxLinux Kernel Version2.4.19
LinuxLinux Kernel Version2.4.20
LinuxLinux Kernel Version2.4.21
LinuxLinux Kernel Version2.4.22
LinuxLinux Kernel Version2.4.23
LinuxLinux Kernel Version2.4.24
LinuxLinux Kernel Version2.4.25
LinuxLinux Kernel Version2.4.26
LinuxLinux Kernel Version2.4.27
LinuxLinux Kernel Version2.4.27 Edition-pre1
LinuxLinux Kernel Version2.4.27 Edition-pre2
LinuxLinux Kernel Version2.4.27 Edition-pre3
LinuxLinux Kernel Version2.4.27 Edition-pre4
LinuxLinux Kernel Version2.4.27 Edition-pre5
LinuxLinux Kernel Version2.4.28
LinuxLinux Kernel Version2.4.29
LinuxLinux Kernel Version2.4.30
LinuxLinux Kernel Version2.4.30 Updaterc2
LinuxLinux Kernel Version2.4.30 Updaterc3
LinuxLinux Kernel Version2.4.31
LinuxLinux Kernel Version2.4.32
LinuxLinux Kernel Version2.4.33
LinuxLinux Kernel Version2.4.33.1
LinuxLinux Kernel Version2.4.33.2
LinuxLinux Kernel Version2.4.33.3
LinuxLinux Kernel Version2.4.33.4
LinuxLinux Kernel Version2.4.33.5
LinuxLinux Kernel Version2.4.33.7
LinuxLinux Kernel Version2.4.34
LinuxLinux Kernel Version2.4.34.1
LinuxLinux Kernel Version2.4.34.2
LinuxLinux Kernel Version2.4.34.3
LinuxLinux Kernel Version2.4.34.4
LinuxLinux Kernel Version2.4.34.5
LinuxLinux Kernel Version2.4.34.6
LinuxLinux Kernel Version2.4.35.1
LinuxLinux Kernel Version2.4.35.2
LinuxLinux Kernel Version2.4.35.3
LinuxLinux Kernel Version2.4.35.4
LinuxLinux Kernel Version2.4.35.5
LinuxLinux Kernel Version2.4.36
LinuxLinux Kernel Version2.4.36.1
LinuxLinux Kernel Version2.4.36.2
LinuxLinux Kernel Version2.4.36.3
LinuxLinux Kernel Version2.4.36.4
LinuxLinux Kernel Version2.4.36.5
LinuxLinux Kernel Version2.4.36.6
LinuxLinux Kernel Version2.4.36.7
LinuxLinux Kernel Version2.4.36.8
LinuxLinux Kernel Version2.4.36.9
LinuxLinux Kernel Version2.4.37
LinuxLinux Kernel Version2.4.37.1
LinuxLinux Kernel Version2.4.37.2
LinuxLinux Kernel Version2.4.37.3
LinuxLinux Kernel Version2.4.37.4
LinuxLinux Kernel Version2.4.37.5
LinuxLinux Kernel Version2.6.0
LinuxLinux Kernel Version2.6.1
LinuxLinux Kernel Version2.6.10
LinuxLinux Kernel Version2.6.11
LinuxLinux Kernel Version2.6.11.1
LinuxLinux Kernel Version2.6.11.2
LinuxLinux Kernel Version2.6.11.3
LinuxLinux Kernel Version2.6.11.4
LinuxLinux Kernel Version2.6.11.5
LinuxLinux Kernel Version2.6.11.6
LinuxLinux Kernel Version2.6.11.7
LinuxLinux Kernel Version2.6.11.8
LinuxLinux Kernel Version2.6.11.9
LinuxLinux Kernel Version2.6.11.10
LinuxLinux Kernel Version2.6.11.11
LinuxLinux Kernel Version2.6.11.12
LinuxLinux Kernel Version2.6.12
LinuxLinux Kernel Version2.6.12.1
LinuxLinux Kernel Version2.6.12.2
LinuxLinux Kernel Version2.6.12.3
LinuxLinux Kernel Version2.6.12.4
LinuxLinux Kernel Version2.6.12.5
LinuxLinux Kernel Version2.6.12.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.297
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
http://secunia.com/advisories/37909
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=0f3f2328f63c521fe4b435f148687452f98b2349
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=3408cce0c2f380884070896420ca566704452fb5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a47077a0b5aa2649751c46e7a27884e6686ccbf
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b3563c4fbff906991a1b4ef4609f99cca2a0de6a
http://marc.info/?l=git-commits-head&m=112002138324380
Patch
http://secunia.com/advisories/37084
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2009/09/05/2
Patch
http://www.openwall.com/lists/oss-security/2009/09/06/2
Patch
http://www.openwall.com/lists/oss-security/2009/09/07/2
Patch
http://www.openwall.com/lists/oss-security/2009/09/17/1
Patch
http://www.openwall.com/lists/oss-security/2009/09/17/9
Patch
http://www.redhat.com/support/errata/RHSA-2009-1522.html
https://bugzilla.redhat.com/show_bug.cgi?id=521601
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744