4.9

CVE-2009-3002

Exploit
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.31
LinuxLinux Kernel Version2.6.31 Update-
LinuxLinux Kernel Version2.6.31 Updaterc1
LinuxLinux Kernel Version2.6.31 Updaterc2
LinuxLinux Kernel Version2.6.31 Updaterc3
LinuxLinux Kernel Version2.6.31 Updaterc4
LinuxLinux Kernel Version2.6.31 Updaterc5
LinuxLinux Kernel Version2.6.31 Updaterc6
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.03% 0.592
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/archive/1/512019/100/0/threaded
Third Party Advisory
VDB Entry
https://rhn.redhat.com/errata/RHSA-2009-1550.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/37351
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Third Party Advisory
Mailing List
https://rhn.redhat.com/errata/RHSA-2009-1540.html
Third Party Advisory
http://secunia.com/advisories/37105
Third Party Advisory
http://www.ubuntu.com/usn/USN-852-1
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=519305
Third Party Advisory
Exploit
Issue Tracking
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db
http://secunia.com/advisories/36438
Third Party Advisory
http://www.exploit-db.com/exploits/9521
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2009/08/27/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/08/27/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/36150
Third Party Advisory
Exploit
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741
Third Party Advisory