Vulnerability-Lookup

CVE-2009-2692 (GCVE-0-2009-2692)

Vulnerability from cvelistv5 – Published: 2009-08-14 15:00 – Updated: 2024-08-07 05:59

Summary

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2009-12…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/36278	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1865	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2009-1223.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/512019/100…	mailing-listx_refsource_BUGTRAQ
	http://www.kernel.org/pub/linux/kernel/v2.4/Chang…	x_refsource_CONFIRM
	http://secunia.com/advisories/37298	third-party-advisoryx_refsource_SECUNIA
	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121	x_refsource_CONFIRM
	http://secunia.com/advisories/36430	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37471	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2009-1222.html	vendor-advisoryx_refsource_REDHAT
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	https://bugzilla.redhat.com/show_bug.cgi?id=516949	x_refsource_CONFIRM
	https://issues.rpath.com/browse/RPL-3103	x_refsource_CONFIRM
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/19933	exploitx_refsource_EXPLOIT-DB
	http://www.vupen.com/english/advisories/2009/2272	vdb-entryx_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/archive/1/505751/100…	mailing-listx_refsource_BUGTRAQ
	http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
	http://secunia.com/advisories/36289	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/36327	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/css/P8/documents/100067254	x_refsource_CONFIRM
	http://grsecurity.net/~spender/wunderbar_emporium.tgz	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://git.kernel.org/?p=linux/kernel/git/stable/…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.exploit-db.com/exploits/9477	exploitx_refsource_EXPLOIT-DB
	http://blog.cr0.org/2009/08/linux-null-pointer-de…	x_refsource_MISC
	http://www.kernel.org/pub/linux/kernel/v2.6/testi…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.openwall.com/lists/oss-security/2009/08/14/1	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/36038	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/505912/100…	mailing-listx_refsource_BUGTRAQ
	http://zenthought.org/content/file/android-root-2…	x_refsource_MISC
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN
	http://www.kernel.org/pub/linux/kernel/v2.6/Chang…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:57.073Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2009:1233",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
          },
          {
            "name": "36278",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36278"
          },
          {
            "name": "DSA-1865",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1865"
          },
          {
            "name": "RHSA-2009:1223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
          },
          {
            "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
          },
          {
            "name": "37298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37298"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
          },
          {
            "name": "36430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36430"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "RHSA-2009:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
          },
          {
            "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-3103"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "19933",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/19933"
          },
          {
            "name": "ADV-2009-2272",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2272"
          },
          {
            "name": "SUSE-SR:2009:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
          },
          {
            "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
          },
          {
            "name": "36289",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36289"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "36327",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100067254"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
          },
          {
            "name": "oval:org.mitre.oval:def:11591",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
          },
          {
            "name": "oval:org.mitre.oval:def:11526",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
          },
          {
            "name": "MDVSA-2009:233",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
          },
          {
            "name": "9477",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/9477"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
          },
          {
            "name": "oval:org.mitre.oval:def:8657",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
          },
          {
            "name": "[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
          },
          {
            "name": "36038",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36038"
          },
          {
            "name": "20090818 rPSA-2009-0121-1 kernel open-vm-tools",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2009:1233",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
        },
        {
          "name": "36278",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36278"
        },
        {
          "name": "DSA-1865",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1865"
        },
        {
          "name": "RHSA-2009:1223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
        },
        {
          "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
        },
        {
          "name": "37298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37298"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
        },
        {
          "name": "36430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36430"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "name": "RHSA-2009:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
        },
        {
          "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-3103"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "19933",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/19933"
        },
        {
          "name": "ADV-2009-2272",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2272"
        },
        {
          "name": "SUSE-SR:2009:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
        },
        {
          "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
        },
        {
          "name": "36289",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36289"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "36327",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/css/P8/documents/100067254"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
        },
        {
          "name": "oval:org.mitre.oval:def:11591",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
        },
        {
          "name": "oval:org.mitre.oval:def:11526",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
        },
        {
          "name": "MDVSA-2009:233",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
        },
        {
          "name": "9477",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/9477"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
        },
        {
          "name": "oval:org.mitre.oval:def:8657",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
        },
        {
          "name": "[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
        },
        {
          "name": "36038",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36038"
        },
        {
          "name": "20090818 rPSA-2009-0121-1 kernel open-vm-tools",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:1233",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
            },
            {
              "name": "36278",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36278"
            },
            {
              "name": "DSA-1865",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1865"
            },
            {
              "name": "RHSA-2009:1223",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
            },
            {
              "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
            },
            {
              "name": "37298",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37298"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
            },
            {
              "name": "36430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36430"
            },
            {
              "name": "37471",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37471"
            },
            {
              "name": "RHSA-2009:1222",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
            },
            {
              "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=516949",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-3103",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-3103"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "19933",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/19933"
            },
            {
              "name": "ADV-2009-2272",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2272"
            },
            {
              "name": "SUSE-SR:2009:015",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
            },
            {
              "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98"
            },
            {
              "name": "36289",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36289"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "36327",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36327"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100067254",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/css/P8/documents/100067254"
            },
            {
              "name": "http://grsecurity.net/~spender/wunderbar_emporium.tgz",
              "refsource": "MISC",
              "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
            },
            {
              "name": "oval:org.mitre.oval:def:11591",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3"
            },
            {
              "name": "oval:org.mitre.oval:def:11526",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
            },
            {
              "name": "MDVSA-2009:233",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
            },
            {
              "name": "9477",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/9477"
            },
            {
              "name": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html",
              "refsource": "MISC",
              "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
            },
            {
              "name": "oval:org.mitre.oval:def:8657",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
            },
            {
              "name": "[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
            },
            {
              "name": "36038",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36038"
            },
            {
              "name": "20090818 rPSA-2009-0121-1 kernel open-vm-tools",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
            },
            {
              "name": "http://zenthought.org/content/file/android-root-2009-08-16-source",
              "refsource": "MISC",
              "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2692",
    "datePublished": "2009-08-14T15:00:00.000Z",
    "dateReserved": "2009-08-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:59:57.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-337

Vulnerability from certfr_avis - Published: 2009-08-14 - Updated: 2009-08-21

Une vulnérabilité affectant les noyaux Linux et permettant une élévation de privilèges a été corrigée.

Description

Une vulnérabilité récente affectant les noyaux Linux a été rendue publique. Elle concerne un déréférencement de pointeur NULL à la création de sockets pour quelques protocoles et permet l'élévation de privilèges.

Solution

Le correctif actuel se trouve dans le Git de kernel.org mais devrait être rapidement intégré dans les différentes distributions. (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Les noyaux Linux 2.4.37.4 et antérieurs ;
	N/A	N/A	les noyaux 2.6.30.4 et antérieurs.

References

Title

Publication Time

Tags

Bulletin d'annonce d'erreur RedHat 516949 du 14 août 2009	None	vendor-advisory
Soumission du 13 août 2009 dans le Git de kernel.org :	-	other
Bulletin de sécurité Suse SUSE-SA:2009:045 du 20 août 2009 :	-	other
Article de l'ISC SANS 6964 du 14 août 2009 :	-	other
Bulletins de sécurité Debian DSA-1862 du 14 août 2009 et DSA-1864 du 16 août 2009 :	-	other
Bulletin de sécurité Ubuntu USN-819-1 du 19 août 2009 :	-	other
Bulletins d'annonce d'erreur RedHat 516949 du 14 août 2009 :	-	other
Bulletins de sécurité Debian DSA-1862 du 14 août 2009 et DSA-1864 du 16 août 2009 :	-	other
Bulletin de sécurité Mandriva MDVSA-2009:205 du 17 août 2009 :	-	other
Bulletins de sécurité Fedora 10 et 11 du 15 août 2009 :	-	other
Bulletins de sécurité Fedora 10 et 11 du 15 août 2009 :	-	other
Bulletins d'annonce d'erreur RedHat 516949 du 14 août 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les noyaux Linux 2.4.37.4 et ant\u00e9rieurs ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "les noyaux 2.6.30.4 et ant\u00e9rieurs.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 r\u00e9cente affectant les noyaux Linux a \u00e9t\u00e9 rendue\npublique. Elle concerne un d\u00e9r\u00e9f\u00e9rencement de pointeur NULL \u00e0 la\ncr\u00e9ation de sockets pour quelques protocoles et permet l\u0027\u00e9l\u00e9vation de\nprivil\u00e8ges.\n\n## Solution\n\nLe correctif actuel se trouve dans le Git de kernel.org mais devrait\n\u00eatre rapidement int\u00e9gr\u00e9 dans les diff\u00e9rentes distributions. (cf. section\nDocumentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    }
  ],
  "initial_release_date": "2009-08-14T00:00:00",
  "last_revision_date": "2009-08-21T00:00:00",
  "links": [
    {
      "title": "Soumission du 13 ao\u00fbt 2009 dans le Git de kernel.org :",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SA:2009:045 du 20 ao\u00fbt 2009    :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00007.html"
    },
    {
      "title": "Article de l\u0027ISC SANS 6964 du 14 ao\u00fbt 2009 :",
      "url": "http://isc.sans.org/diary.html?storyid=6964"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Debian DSA-1862 du 14 ao\u00fbt 2009 et    DSA-1864 du 16 ao\u00fbt 2009 :",
      "url": "http://www.us.debian.org/security/2009/dsa-1864"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-819-1 du 19 ao\u00fbt 2009 :",
      "url": "http://www.ubuntu.com/usn/usn-819-1"
    },
    {
      "title": "Bulletins d\u0027annonce d\u0027erreur RedHat 516949 du 14 ao\u00fbt 2009    :",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Debian DSA-1862 du 14 ao\u00fbt 2009 et    DSA-1864 du 16 ao\u00fbt 2009 :",
      "url": "http://www.us.debian.org/security/2009/dsa-1862"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2009:205 du 17 ao\u00fbt    2009 :",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2009:205"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora 10 et 11 du 15 ao\u00fbt 2009 :",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00728.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora 10 et 11 du 15 ao\u00fbt 2009 :",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00727.html"
    },
    {
      "title": "Bulletins d\u0027annonce d\u0027erreur RedHat 516949 du 14 ao\u00fbt 2009    :",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692"
    }
  ],
  "reference": "CERTA-2009-AVI-337",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-14T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva, Fedora et Debian.",
      "revision_date": "2009-08-18T00:00:00.000000"
    },
    {
      "description": "correction de coquille et ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Ubuntu.",
      "revision_date": "2009-08-19T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Suse.",
      "revision_date": "2009-08-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 affectant les noyaux Linux et permettant une \u00e9l\u00e9vation\nde privil\u00e8ges a \u00e9t\u00e9 corrig\u00e9e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du noyau Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin d\u0027annonce d\u0027erreur RedHat 516949 du 14 ao\u00fbt 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-513

Vulnerability from certfr_avis - Published: 2009-11-24 - Updated: 2009-11-24

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système vulnérable ou encore d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	ESXi	VMware ESXi 3.x ;
VMware	N/A	VMware vMA 4.x.
VMware	N/A	VMware ESX Server 4.x ;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	ESXi	VMware ESXi 4.x ;
VMware	vCenter Server	VMware vCenter Server 4.x ;
VMware	N/A	VMware VirtualCenter 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 20 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vMA 4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server 4.x ;",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2724"
    },
    {
      "name": "CVE-2009-0676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0676"
    },
    {
      "name": "CVE-2009-2721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2721"
    },
    {
      "name": "CVE-2008-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3143"
    },
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2406"
    },
    {
      "name": "CVE-2009-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1389"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
    },
    {
      "name": "CVE-2009-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1072"
    },
    {
      "name": "CVE-2008-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4307"
    },
    {
      "name": "CVE-2009-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
    },
    {
      "name": "CVE-2009-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2407"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2009-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2009-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0746"
    },
    {
      "name": "CVE-2009-2673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2673"
    },
    {
      "name": "CVE-2007-5966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5966"
    },
    {
      "name": "CVE-2009-2719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2719"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2009-1439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1439"
    },
    {
      "name": "CVE-2009-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0322"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
    },
    {
      "name": "CVE-2009-0748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0748"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2009-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0747"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
    },
    {
      "name": "CVE-2009-2672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2672"
    },
    {
      "name": "CVE-2009-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0675"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2009-2670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2670"
    },
    {
      "name": "CVE-2009-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
    },
    {
      "name": "CVE-2009-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1630"
    },
    {
      "name": "CVE-2009-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0269"
    },
    {
      "name": "CVE-2008-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3528"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2009-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1388"
    },
    {
      "name": "CVE-2009-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1192"
    },
    {
      "name": "CVE-2009-2720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2720"
    },
    {
      "name": "CVE-2009-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0834"
    },
    {
      "name": "CVE-2009-2671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2671"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2009-2675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2675"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0778"
    },
    {
      "name": "CVE-2009-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
    },
    {
      "name": "CVE-2009-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2723"
    },
    {
      "name": "CVE-2009-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
    },
    {
      "name": "CVE-2009-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2716"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2009-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2009-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0028"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2009-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1336"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-1633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1633"
    },
    {
      "name": "CVE-2009-2722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2722"
    },
    {
      "name": "CVE-2008-5700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5700"
    },
    {
      "name": "CVE-2009-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
    },
    {
      "name": "CVE-2009-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
    },
    {
      "name": "CVE-2009-2676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2676"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2009-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
    },
    {
      "name": "CVE-2009-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
    },
    {
      "name": "CVE-2009-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0787"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2009-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
    },
    {
      "name": "CVE-2009-2847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2847"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
    },
    {
      "name": "CVE-2009-2718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2718"
    },
    {
      "name": "CVE-2009-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0745"
    },
    {
      "name": "CVE-2009-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
    }
  ],
  "initial_release_date": "2009-11-24T00:00:00",
  "last_revision_date": "2009-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-513",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me vuln\u00e9rable ou encore d\u0027entraver son bon\nfonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 20 novembre 2009",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000070.html"
    }
  ]
}

CERTA-2010-AVI-293

Vulnerability from certfr_avis - Published: 2010-06-28 - Updated: 2010-06-28

Plusieurs vulnérabilités ont été corrigées dans VMware ESX. Elles permettent, entre autre, l'élévation de privilèges.

Description

Plusieurs vulnérabilités ont été corrigées dans VMware ESX dont certaines liées à la mise à jour du noyau linux kernel-2.4.21-60.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware ESX 3.5 sans le correctif ESX350-201006401-SG.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité VMware #1022899 du 24 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVMware ESX 3.5 sans le correctif  ESX350-201006401-SG.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans VMware ESX dont\ncertaines li\u00e9es \u00e0 la mise \u00e0 jour du noyau linux kernel-2.4.21-60.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2008-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5300"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-3002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3002"
    },
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2008-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5029"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    }
  ],
  "initial_release_date": "2010-06-28T00:00:00",
  "last_revision_date": "2010-06-28T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-293",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans VMware ESX. Elles\npermettent, entre autre, l\u0027\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware #1022899 du 24 juin 2010",
      "url": "http://kb.vmware.com/kb/1022899"
    }
  ]
}

CERTA-2009-AVI-413

Vulnerability from certfr_avis - Published: 2009-09-30 - Updated: 2009-09-30

Deux vulnérabilités découvertes dans HP-UX peuvent être exploitées afin de contourner la politique de sécurité ou pour provoquer un déni de service à distance.

Description

Une vulnérabilité dans le serveur DNS Bind peut être exploitée par un utilisateur distant malintentionné afin de provoquer un déni de service à distance (CVE-2009-0696) ;
une vulnérabilité dans le modèle de contrôle d'accès RBAC (Role-Based Access Control) sous HP-UX peut être exploitée afin de contourner la politique de sécurité et permettre à un utilisateur local d'obtenir un accès illégitime (CVE-2009-2692).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	ISC	N/A	Role-Based Access Control sous HP-UX B.11.23 et HP-UX B.11.31.
	ISC	BIND	DNS Bind Server sous T0685G06ˆ AAA, T0685G06ˆ AAC, T0685H01ˆ AAB et T0685H01ˆ AAD ;

References

Title

Publication Time

Tags

Bulletins de sécurité HP-UX du 21 septembre 2009	None	vendor-advisory
Bulletin de sécurité HP c01866178 du 21 septembre 2009 :	-	other
Bulletin de sécurité HP c01855358 du 21 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Role-Based Access Control sous HP-UX B.11.23 et HP-UX B.11.31.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "DNS Bind Server sous T0685G06\u02c6 AAA, T0685G06\u02c6 AAC, T0685H01\u02c6 AAB et T0685H01\u02c6 AAD ;",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n-   Une vuln\u00e9rabilit\u00e9 dans le serveur DNS Bind peut \u00eatre exploit\u00e9e par\n    un utilisateur distant malintentionn\u00e9 afin de provoquer un d\u00e9ni de\n    service \u00e0 distance (CVE-2009-0696) ;\n-   une vuln\u00e9rabilit\u00e9 dans le mod\u00e8le de contr\u00f4le d\u0027acc\u00e8s RBAC\n    (Role-Based Access Control) sous HP-UX peut \u00eatre exploit\u00e9e afin de\n    contourner la politique de s\u00e9curit\u00e9 et permettre \u00e0 un utilisateur\n    local d\u0027obtenir un acc\u00e8s ill\u00e9gitime (CVE-2009-2692).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-2682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2682"
    },
    {
      "name": "CVE-2009-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
    }
  ],
  "initial_release_date": "2009-09-30T00:00:00",
  "last_revision_date": "2009-09-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01866178 du 21 septembre 2009 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01866178"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01855358 du 21 septembre 2009 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01855358"
    }
  ],
  "reference": "CERTA-2009-AVI-413",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans HP-UX peuvent \u00eatre exploit\u00e9es afin\nde contourner la politique de s\u00e9curit\u00e9 ou pour provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 HP-UX du 21 septembre 2009",
      "url": null
    }
  ]
}

GSD-2009-2692

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-2692

Aliases

CVE-2009-2692

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2692",
    "description": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.",
    "id": "GSD-2009-2692",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-2692.html",
      "https://www.debian.org/security/2009/dsa-1865",
      "https://www.debian.org/security/2009/dsa-1864",
      "https://www.debian.org/security/2009/dsa-1862",
      "https://access.redhat.com/errata/RHSA-2009:1469",
      "https://access.redhat.com/errata/RHSA-2009:1457",
      "https://access.redhat.com/errata/RHSA-2009:1239",
      "https://access.redhat.com/errata/RHSA-2009:1233",
      "https://access.redhat.com/errata/RHSA-2009:1223",
      "https://access.redhat.com/errata/RHSA-2009:1222",
      "https://linux.oracle.com/cve/CVE-2009-2692.html",
      "https://packetstormsecurity.com/files/cve/CVE-2009-2692"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2692"
      ],
      "details": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.",
      "id": "GSD-2009-2692",
      "modified": "2023-12-13T01:19:47.132910Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-2692",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2009:1233",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
          },
          {
            "name": "36278",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36278"
          },
          {
            "name": "DSA-1865",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1865"
          },
          {
            "name": "RHSA-2009:1223",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
          },
          {
            "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5",
            "refsource": "CONFIRM",
            "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
          },
          {
            "name": "37298",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37298"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
          },
          {
            "name": "36430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36430"
          },
          {
            "name": "37471",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "name": "RHSA-2009:1222",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
          },
          {
            "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=516949",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-3103",
            "refsource": "CONFIRM",
            "url": "https://issues.rpath.com/browse/RPL-3103"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "19933",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/19933"
          },
          {
            "name": "ADV-2009-2272",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/2272"
          },
          {
            "name": "SUSE-SR:2009:015",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
          },
          {
            "name": "20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98"
          },
          {
            "name": "36289",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36289"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "36327",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/36327"
          },
          {
            "name": "http://support.avaya.com/css/P8/documents/100067254",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/css/P8/documents/100067254"
          },
          {
            "name": "http://grsecurity.net/~spender/wunderbar_emporium.tgz",
            "refsource": "MISC",
            "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
          },
          {
            "name": "oval:org.mitre.oval:def:11591",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3",
            "refsource": "CONFIRM",
            "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3"
          },
          {
            "name": "oval:org.mitre.oval:def:11526",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
          },
          {
            "name": "MDVSA-2009:233",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
          },
          {
            "name": "9477",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/9477"
          },
          {
            "name": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html",
            "refsource": "MISC",
            "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6",
            "refsource": "CONFIRM",
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
          },
          {
            "name": "oval:org.mitre.oval:def:8657",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
          },
          {
            "name": "[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
          },
          {
            "name": "36038",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/36038"
          },
          {
            "name": "20090818 rPSA-2009-0121-1 kernel open-vm-tools",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
          },
          {
            "name": "http://zenthought.org/content/file/android-root-2009-08-16-source",
            "refsource": "MISC",
            "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
          },
          {
            "name": "ADV-2009-3316",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5",
            "refsource": "CONFIRM",
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5960758C-4449-4D23-9EA6-92FB031C3725",
                    "versionEndExcluding": "2.4.37.5",
                    "versionStartIncluding": "2.4.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "39A91A11-DDAB-4C83-90A4-CFFC7652955E",
                    "versionEndExcluding": "2.6.30.5",
                    "versionStartIncluding": "2.6.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AA6CB9DA-D313-4CE9-BB48-6C399156311C",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F2976D5-83A5-4A52-A1E6-D0E17F23FD62",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "941713DB-B1DE-4953-9A9C-174EAFDCB3E6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1F87B994-28E4-4095-8770-6433DE9C93AB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket."
          },
          {
            "lang": "es",
            "value": "El kernel de Linux versiones 2.6.0 hasta 2.6.30.4 y 2.4.4 hasta 2.4.37.4, no inicia todos los punteros de funci\u00f3n para operaciones de socket en estructuras de proto_ops, lo que permite a los usuarios locales activar una desreferencia de puntero NULL y alcanzar privilegios mediante el uso de mmap que asigna la p\u00e1gina cero, inserta el c\u00f3digo arbitrario en esta p\u00e1gina y luego invoca una operaci\u00f3n no disponible, como es demostrado por la operaci\u00f3n de sendpage (funci\u00f3n sock_sendpage) en un socket PF_PPPOX."
          }
        ],
        "id": "CVE-2009-2692",
        "lastModified": "2024-02-08T23:50:03.097",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 10.0,
              "obtainAllPrivilege": true,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2009-08-14T15:16:27.500",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Exploit"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Issue Tracking"
            ],
            "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/36278"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/36289"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/36327"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/36430"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/37298"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100067254"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1865"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.exploit-db.com/exploits/19933"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.exploit-db.com/exploits/9477"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/36038"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2272"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking",
              "Patch"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "https://issues.rpath.com/browse/RPL-3103"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vendorComments": [
          {
            "comment": "Red Hat is aware of this issue. Please see http://kbase.redhat.com/faq/docs/DOC-18065.\n\nUpdates for Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2692.html",
            "lastModified": "2009-09-14T00:00:00",
            "organization": "Red Hat"
          }
        ],
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-908"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2009-2692

Vulnerability from fkie_nvd - Published: 2009-08-14 15:16 - Updated: 2025-04-09 00:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html	Broken Link, Exploit
cve@mitre.org	http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html	Exploit, Issue Tracking
cve@mitre.org	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3	Broken Link
cve@mitre.org	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98	Broken Link
cve@mitre.org	http://grsecurity.net/~spender/wunderbar_emporium.tgz	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html	Mailing List
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-1222.html	Third Party Advisory
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2009-1223.html	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/36278	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36289	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36327	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36430	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/37298	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/37471	Broken Link, Vendor Advisory
cve@mitre.org	http://support.avaya.com/css/P8/documents/100067254	Third Party Advisory
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121	Broken Link
cve@mitre.org	http://www.debian.org/security/2009/dsa-1865	Mailing List, Third Party Advisory
cve@mitre.org	http://www.exploit-db.com/exploits/19933	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.exploit-db.com/exploits/9477	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5	Broken Link, Vendor Advisory
cve@mitre.org	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5	Broken Link, Vendor Advisory
cve@mitre.org	http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6	Broken Link, Vendor Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:233	Broken Link
cve@mitre.org	http://www.openwall.com/lists/oss-security/2009/08/14/1	Mailing List, Patch
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2009-1233.html	Broken Link
cve@mitre.org	http://www.securityfocus.com/archive/1/505751/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/505912/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/507985/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/512019/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/36038	Broken Link, Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Third Party Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2272	Broken Link, Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3316	Broken Link, Vendor Advisory
cve@mitre.org	http://zenthought.org/content/file/android-root-2009-08-16-source	Broken Link
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=516949	Issue Tracking, Patch
cve@mitre.org	https://issues.rpath.com/browse/RPL-3103	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591	Broken Link
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html	Broken Link, Exploit
af854a3a-2127-422b-91ae-364da2661108	http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html	Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://grsecurity.net/~spender/wunderbar_emporium.tgz	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-1222.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2009-1223.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36278	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36289	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36327	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36430	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37298	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37471	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/css/P8/documents/100067254	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1865	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/19933	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/9477	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:233	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2009/08/14/1	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1233.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/505751/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/505912/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/512019/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36038	Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2272	Broken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://zenthought.org/content/file/android-root-2009-08-16-source	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=516949	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-3103	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657	Broken Link

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
debian	debian_linux	4.0
suse	linux_enterprise_real_time	10
redhat	enterprise_linux_desktop	4.0
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_eus	4.8
redhat	enterprise_linux_eus	5.3
redhat	enterprise_linux_server	4.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server_aus	5.3
redhat	enterprise_linux_workstation	4.0
redhat	enterprise_linux_workstation	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5960758C-4449-4D23-9EA6-92FB031C3725",
              "versionEndExcluding": "2.4.37.5",
              "versionStartIncluding": "2.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A91A11-DDAB-4C83-90A4-CFFC7652955E",
              "versionEndExcluding": "2.6.30.5",
              "versionStartIncluding": "2.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6CB9DA-D313-4CE9-BB48-6C399156311C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F2976D5-83A5-4A52-A1E6-D0E17F23FD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "941713DB-B1DE-4953-9A9C-174EAFDCB3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F87B994-28E4-4095-8770-6433DE9C93AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket."
    },
    {
      "lang": "es",
      "value": "El kernel de Linux versiones 2.6.0 hasta 2.6.30.4 y 2.4.4 hasta 2.4.37.4, no inicia todos los punteros de funci\u00f3n para operaciones de socket en estructuras de proto_ops, lo que permite a los usuarios locales activar una desreferencia de puntero NULL y alcanzar privilegios mediante el uso de mmap que asigna la p\u00e1gina cero, inserta el c\u00f3digo arbitrario en esta p\u00e1gina y luego invoca una operaci\u00f3n no disponible, como es demostrado por la operaci\u00f3n de sendpage (funci\u00f3n sock_sendpage) en un socket PF_PPPOX."
    }
  ],
  "id": "CVE-2009-2692",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2009-08-14T15:16:27.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36278"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36289"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36327"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36430"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37298"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/css/P8/documents/100067254"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/19933"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/9477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36038"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2272"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-3103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/css/P8/documents/100067254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/19933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/9477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://issues.rpath.com/browse/RPL-3103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue. Please see http://kbase.redhat.com/faq/docs/DOC-18065.\n\nUpdates for Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2692.html",
      "lastModified": "2009-09-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J86M-G62R-5G7R

Vulnerability from github – Published: 2022-05-02 03:37 – Updated: 2024-02-09 00:31

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-14T15:16:00Z",
    "severity": "HIGH"
  },
  "details": "The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.",
  "id": "GHSA-j86m-g62r-5g7r",
  "modified": "2024-02-09T00:31:33Z",
  "published": "2022-05-02T03:37:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2692"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516949"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-3103"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html"
    },
    {
      "type": "WEB",
      "url": "http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98"
    },
    {
      "type": "WEB",
      "url": "http://grsecurity.net/~spender/wunderbar_emporium.tgz"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1222.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1223.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36278"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36289"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36327"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37298"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100067254"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1865"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/19933"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/9477"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:233"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2009/08/14/1"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1233.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/505751/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/505912/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36038"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/2272"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "type": "WEB",
      "url": "http://zenthought.org/content/file/android-root-2009-08-16-source"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-2692 (GCVE-0-2009-2692)

CERTA-2009-AVI-337

Description

Solution

CERTA-2009-AVI-513

Description

Solution

CERTA-2010-AVI-293

Description

Solution

CERTA-2009-AVI-413

Description

Solution

GSD-2009-2692

FKIE_CVE-2009-2692

GHSA-J86M-G62R-5G7R

Tags

Sightings

Nomenclature