4.9

CVE-2009-3001

Exploit
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.31
LinuxLinux Kernel Version2.6.31 Update-
LinuxLinux Kernel Version2.6.31 Updaterc1
LinuxLinux Kernel Version2.6.31 Updaterc2
LinuxLinux Kernel Version2.6.31 Updaterc3
LinuxLinux Kernel Version2.6.31 Updaterc4
LinuxLinux Kernel Version2.6.31 Updaterc5
LinuxLinux Kernel Version2.6.31 Updaterc6
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.259
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.exploit-db.com/exploits/9513
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/36126
Third Party Advisory
Exploit
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=519305
Third Party Advisory
Exploit
Issue Tracking