7.2

CVE-2009-3725

Exploit
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.31.5
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.61% 0.445
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.ubuntu.com/usn/usn-864-1
Third Party Advisory
http://marc.info/?l=linux-kernel&m=125449888416314&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=oss-security&m=125715484511380&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=oss-security&m=125716192622235&w=2
Third Party Advisory
Mailing List
http://patchwork.kernel.org/patch/51382/
Patch
Vendor Advisory
http://patchwork.kernel.org/patch/51383/
Patch
Vendor Advisory
http://patchwork.kernel.org/patch/51384/
Patch
Vendor Advisory
http://patchwork.kernel.org/patch/51387/
Patch
Vendor Advisory
http://secunia.com/advisories/37113
Third Party Advisory
http://secunia.com/advisories/38905
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
Vendor Advisory
http://www.securityfocus.com/bid/36834
Patch
Third Party Advisory
http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
Third Party Advisory
Exploit