Vulnerability-Lookup

CVE-2009-3547 (GCVE-0-2009-3547)

Vulnerability from cvelistv5 – Published: 2009-11-04 15:00 – Updated: 2024-08-07 06:31

Summary

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2009-16…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/archive/1/512019/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/36901	vdb-entryx_refsource_BID
	http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
	https://rhn.redhat.com/errata/RHSA-2009-1540.html	vendor-advisoryx_refsource_REDHAT
	http://www.ubuntu.com/usn/usn-864-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/38794	third-party-advisoryx_refsource_SECUNIA
	http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
	http://lkml.org/lkml/2009/10/21/42	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://rhn.redhat.com/errata/RHSA-2009-1541.html	vendor-advisoryx_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/37351	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://marc.info/?l=oss-security&m=125724568017045&w=2	mailing-listx_refsource_MLIST
	https://rhn.redhat.com/errata/RHSA-2009-1548.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/38834	third-party-advisoryx_refsource_SECUNIA
	http://lkml.org/lkml/2009/10/14/184	mailing-listx_refsource_MLIST
	https://rhn.redhat.com/errata/RHSA-2009-1550.html	vendor-advisoryx_refsource_REDHAT
	http://www.kernel.org/pub/linux/kernel/v2.6/testi…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=530490	x_refsource_CONFIRM
	http://secunia.com/advisories/38017	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/0528	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.441Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:11513",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
          },
          {
            "name": "RHSA-2009:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
          },
          {
            "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
          },
          {
            "name": "36901",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36901"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
          },
          {
            "name": "RHSA-2009:1540",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
          },
          {
            "name": "USN-864-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-864-1"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2009/10/21/42"
          },
          {
            "name": "SUSE-SA:2010:001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
          },
          {
            "name": "RHSA-2009:1541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
          },
          {
            "name": "MDVSA-2009:329",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
          },
          {
            "name": "37351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37351"
          },
          {
            "name": "SUSE-SA:2009:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
          },
          {
            "name": "SUSE-SA:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
          },
          {
            "name": "oval:org.mitre.oval:def:7608",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
          },
          {
            "name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
          },
          {
            "name": "RHSA-2009:1548",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2009/10/14/184"
          },
          {
            "name": "RHSA-2009:1550",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
          },
          {
            "name": "oval:org.mitre.oval:def:9327",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
          },
          {
            "name": "SUSE-SA:2009:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
          },
          {
            "name": "38017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38017"
          },
          {
            "name": "FEDORA-2009-11038",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:11513",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
        },
        {
          "name": "RHSA-2009:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
        },
        {
          "name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
        },
        {
          "name": "36901",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36901"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
        },
        {
          "name": "RHSA-2009:1540",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
        },
        {
          "name": "USN-864-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-864-1"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2009/10/21/42"
        },
        {
          "name": "SUSE-SA:2010:001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
        },
        {
          "name": "RHSA-2009:1541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
        },
        {
          "name": "MDVSA-2009:329",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
        },
        {
          "name": "37351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37351"
        },
        {
          "name": "SUSE-SA:2009:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
        },
        {
          "name": "SUSE-SA:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
        },
        {
          "name": "oval:org.mitre.oval:def:7608",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
        },
        {
          "name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
        },
        {
          "name": "RHSA-2009:1548",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2009/10/14/184"
        },
        {
          "name": "RHSA-2009:1550",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
        },
        {
          "name": "oval:org.mitre.oval:def:9327",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
        },
        {
          "name": "SUSE-SA:2009:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
        },
        {
          "name": "38017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38017"
        },
        {
          "name": "FEDORA-2009-11038",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-3547",
    "datePublished": "2009-11-04T15:00:00.000Z",
    "dateReserved": "2009-10-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:31:10.441Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-106

Vulnerability from certfr_avis - Published: 2010-03-04 - Updated: 2010-03-04

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vMA 4.0 sans le patch 3.
VMware	N/A	VMware ESX 3.0.3 ;
VMware	N/A	VMware ESX 3.5 ;
VMware	N/A	VMware ESX 2.5.5 ;
VMware	N/A	VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 03 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vMA 4.0 sans le patch 3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 2.5.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2009-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2009-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
    },
    {
      "name": "CVE-2009-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
    },
    {
      "name": "CVE-2009-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2009-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2009-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
    },
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    },
    {
      "name": "CVE-2009-2695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
    },
    {
      "name": "CVE-2008-4316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2008-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
    },
    {
      "name": "CVE-2009-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-3286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
    },
    {
      "name": "CVE-2008-4552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
    },
    {
      "name": "CVE-2009-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
    },
    {
      "name": "CVE-2009-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2009-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
    },
    {
      "name": "CVE-2009-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
    },
    {
      "name": "CVE-2009-3726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
    }
  ],
  "initial_release_date": "2010-03-04T00:00:00",
  "last_revision_date": "2010-03-04T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    }
  ]
}

CERTA-2010-AVI-293

Vulnerability from certfr_avis - Published: 2010-06-28 - Updated: 2010-06-28

Plusieurs vulnérabilités ont été corrigées dans VMware ESX. Elles permettent, entre autre, l'élévation de privilèges.

Description

Plusieurs vulnérabilités ont été corrigées dans VMware ESX dont certaines liées à la mise à jour du noyau linux kernel-2.4.21-60.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware ESX 3.5 sans le correctif ESX350-201006401-SG.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité VMware #1022899 du 24 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVMware ESX 3.5 sans le correctif  ESX350-201006401-SG.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans VMware ESX dont\ncertaines li\u00e9es \u00e0 la mise \u00e0 jour du noyau linux kernel-2.4.21-60.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2008-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5300"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-3002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3002"
    },
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2008-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5029"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    }
  ],
  "initial_release_date": "2010-06-28T00:00:00",
  "last_revision_date": "2010-06-28T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-293",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans VMware ESX. Elles\npermettent, entre autre, l\u0027\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware #1022899 du 24 juin 2010",
      "url": "http://kb.vmware.com/kb/1022899"
    }
  ]
}

CERTA-2009-AVI-475

Vulnerability from certfr_avis - Published: 2009-11-04 - Updated: 2009-11-04

Une vulnérabilité présente dans le noyau Linux permet à un utilisateur local de provoquer un déni de service ou d'élever ses privilèges.

Description

Une vulnérabilité de type 'pointeur nul' (null pointer) relative à la gestion des tubes (pipes) est présente dans le noyau Linux. Cette faille permet à un utilisateur local malintentionné de provoquer un déni de service ou d'obtenir des privilèges élevés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

La version 2.6.32-rc6 du noyau Linux corrige le problème :

http://www.kernel.org

Linux 2.6.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Rapport de bogue noyau #14416 du 16 octobre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLinux 2.6.x.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type \u0027pointeur nul\u0027 (null pointer) relative \u00e0 la\ngestion des tubes (pipes) est pr\u00e9sente dans le noyau Linux. Cette faille\npermet \u00e0 un utilisateur local malintentionn\u00e9 de provoquer un d\u00e9ni de\nservice ou d\u0027obtenir des privil\u00e8ges \u00e9lev\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nLa version 2.6.32-rc6 du noyau Linux corrige le probl\u00e8me :\n\n    http://www.kernel.org\n",
  "cves": [
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    }
  ],
  "initial_release_date": "2009-11-04T00:00:00",
  "last_revision_date": "2009-11-04T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-475",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le noyau Linux permet \u00e0 un utilisateur\nlocal de provoquer un d\u00e9ni de service ou d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du noyau Linux",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de bogue noyau #14416 du 16 octobre 2009",
      "url": "http://bugzilla.kernel.org/show_bug.cgi?id=14416"
    }
  ]
}

FKIE_CVE-2009-3547

Vulnerability from fkie_nvd - Published: 2009-11-04 15:30 - Updated: 2025-04-09 00:30

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c	Broken Link
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	Broken Link, Mailing List, Third Party Advisory
secalert@redhat.com	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://lkml.org/lkml/2009/10/14/184	Exploit, Mailing List
secalert@redhat.com	http://lkml.org/lkml/2009/10/21/42	Mailing List, Patch
secalert@redhat.com	http://marc.info/?l=oss-security&m=125724568017045&w=2	Mailing List, Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/37351	Broken Link
secalert@redhat.com	http://secunia.com/advisories/38017	Broken Link
secalert@redhat.com	http://secunia.com/advisories/38794	Broken Link
secalert@redhat.com	http://secunia.com/advisories/38834	Broken Link
secalert@redhat.com	http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6	Broken Link
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:329	Broken Link
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1672.html	Broken Link
secalert@redhat.com	http://www.securityfocus.com/archive/1/512019/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/36901	Broken Link, Exploit, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/usn-864-1	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0528	Broken Link
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=530490	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513	Broken Link, Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608	Broken Link, Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327	Broken Link, Third Party Advisory
secalert@redhat.com	https://rhn.redhat.com/errata/RHSA-2009-1540.html	Third Party Advisory
secalert@redhat.com	https://rhn.redhat.com/errata/RHSA-2009-1541.html	Third Party Advisory
secalert@redhat.com	https://rhn.redhat.com/errata/RHSA-2009-1548.html	Third Party Advisory
secalert@redhat.com	https://rhn.redhat.com/errata/RHSA-2009-1550.html	Third Party Advisory
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	Broken Link, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lkml.org/lkml/2009/10/14/184	Exploit, Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lkml.org/lkml/2009/10/21/42	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=125724568017045&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37351	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38017	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38794	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38834	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:329	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1672.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/512019/100/0/threaded	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36901	Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-864-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0528	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=530490	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327	Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2009-1540.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2009-1541.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2009-1548.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2009-1550.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html	Mailing List

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	2.6.32
linux	linux_kernel	2.6.32
linux	linux_kernel	2.6.32
linux	linux_kernel	2.6.32
linux	linux_kernel	2.6.32
linux	linux_kernel	2.6.32
novell	linux_desktop	9
opensuse	opensuse	11.0
opensuse	opensuse	11.2
suse	suse_linux_enterprise_desktop	10
suse	suse_linux_enterprise_server	10
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10
fedoraproject	fedora	10
vmware	vma	4.0
vmware	esx	4.0
redhat	mrg_realtime	1.0
redhat	enterprise_linux_desktop	3.0
redhat	enterprise_linux_desktop	4.0
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_eus	4.8
redhat	enterprise_linux_eus	5.4
redhat	enterprise_linux_server	3.0
redhat	enterprise_linux_server	4.0
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_workstation	3.0
redhat	enterprise_linux_workstation	4.0
redhat	enterprise_linux_workstation	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC4349F-7F67-435F-8909-94648A0E8F90",
              "versionEndIncluding": "2.6.31.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*",
              "matchCriteriaId": "37B2E2B1-3E39-4DBA-817D-08F34D9F6E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C85D4E0A-14DA-4884-AF6F-A0F54304430F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1C8471AA-44D7-4D19-82B6-C4B999C65F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "218DE1D1-3843-4076-9AE4-70AA0FD99B3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2677114B-AF05-42EB-BBC8-FA85CD631C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "FA8D64E1-A700-4D9E-9063-EC3CFC1A6D98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5595E484-647C-4F85-94AB-5A4D55CD766B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "14DF1463-F23F-465F-8A35-D550A7438CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "02E6A767-B9A5-4054-BE70-286E0A464248",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:mrg_realtime:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A20072-7DB7-4079-9456-E2CE98F888E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F2976D5-83A5-4A52-A1E6-D0E17F23FD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD6917D-FE03-487F-9F2C-A79B5FCFBC5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "397313C3-6BF5-4A87-90B3-55678E807171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2FE6DAA-4702-409A-98B6-DE13B12805A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a  v2.6.32-rc6 permite a usuarios locales producir una denegaci\u00f3n de servicio )desreferencia a puntero NULL y ca\u00edda del sistema) o conseguir privilegios mediante la apertura de un canal an\u00f3nimo en la ruta /proc/*/fd/."
    }
  ],
  "id": "CVE-2009-3547",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2009-11-04T15:30:00.640",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Mailing List"
      ],
      "url": "http://lkml.org/lkml/2009/10/14/184"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://lkml.org/lkml/2009/10/21/42"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/37351"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/38017"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36901"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-864-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List"
      ],
      "url": "http://lkml.org/lkml/2009/10/14/184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://lkml.org/lkml/2009/10/21/42"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/37351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/38017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/36901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-864-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        },
        {
          "lang": "en",
          "value": "CWE-476"
        },
        {
          "lang": "en",
          "value": "CWE-672"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QF89-P9HJ-7H7G

Vulnerability from github – Published: 2022-05-02 03:46 – Updated: 2022-05-02 03:46

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-04T15:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.",
  "id": "GHSA-qf89-p9hj-7h7g",
  "modified": "2022-05-02T03:46:19Z",
  "published": "2022-05-02T03:46:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3547"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2009-3547"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1672"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1588"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1587"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1550"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1548"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1541"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1540"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3960243e55320d74195fb85c975e0a8cc4466c"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "type": "WEB",
      "url": "http://lkml.org/lkml/2009/10/14/184"
    },
    {
      "type": "WEB",
      "url": "http://lkml.org/lkml/2009/10/21/42"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37351"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38017"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36901"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-864-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2009-3547

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3547

Aliases

CVE-2009-3547

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3547",
    "description": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.",
    "id": "GSD-2009-3547",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3547.html",
      "https://www.debian.org/security/2009/dsa-1928",
      "https://www.debian.org/security/2009/dsa-1929",
      "https://www.debian.org/security/2009/dsa-1927",
      "https://access.redhat.com/errata/RHSA-2009:1672",
      "https://access.redhat.com/errata/RHSA-2009:1588",
      "https://access.redhat.com/errata/RHSA-2009:1587",
      "https://access.redhat.com/errata/RHSA-2009:1550",
      "https://access.redhat.com/errata/RHSA-2009:1548",
      "https://access.redhat.com/errata/RHSA-2009:1541",
      "https://access.redhat.com/errata/RHSA-2009:1540",
      "https://linux.oracle.com/cve/CVE-2009-3547.html",
      "https://packetstormsecurity.com/files/cve/CVE-2009-3547"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3547"
      ],
      "details": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.",
      "id": "GSD-2009-3547",
      "modified": "2023-12-13T01:19:49.512843Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-3547",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
            "refsource": "MISC",
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "http://secunia.com/advisories/38794",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "http://secunia.com/advisories/38834",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0528",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/512019/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
          },
          {
            "name": "https://rhn.redhat.com/errata/RHSA-2009-1550.html",
            "refsource": "MISC",
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
          },
          {
            "name": "http://secunia.com/advisories/38017",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38017"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-864-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-864-1"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
          },
          {
            "name": "http://secunia.com/advisories/37351",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/37351"
          },
          {
            "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c",
            "refsource": "MISC",
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
          },
          {
            "name": "http://lkml.org/lkml/2009/10/14/184",
            "refsource": "MISC",
            "url": "http://lkml.org/lkml/2009/10/14/184"
          },
          {
            "name": "http://lkml.org/lkml/2009/10/21/42",
            "refsource": "MISC",
            "url": "http://lkml.org/lkml/2009/10/21/42"
          },
          {
            "name": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6",
            "refsource": "MISC",
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1672.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/36901",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/36901"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
          },
          {
            "name": "https://rhn.redhat.com/errata/RHSA-2009-1540.html",
            "refsource": "MISC",
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
          },
          {
            "name": "https://rhn.redhat.com/errata/RHSA-2009-1541.html",
            "refsource": "MISC",
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
          },
          {
            "name": "https://rhn.redhat.com/errata/RHSA-2009-1548.html",
            "refsource": "MISC",
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530490",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BEC4349F-7F67-435F-8909-94648A0E8F90",
                    "versionEndIncluding": "2.6.31.14",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*",
                    "matchCriteriaId": "37B2E2B1-3E39-4DBA-817D-08F34D9F6E53",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*",
                    "matchCriteriaId": "C85D4E0A-14DA-4884-AF6F-A0F54304430F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*",
                    "matchCriteriaId": "1C8471AA-44D7-4D19-82B6-C4B999C65F97",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*",
                    "matchCriteriaId": "218DE1D1-3843-4076-9AE4-70AA0FD99B3E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*",
                    "matchCriteriaId": "2677114B-AF05-42EB-BBC8-FA85CD631C21",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*",
                    "matchCriteriaId": "FA8D64E1-A700-4D9E-9063-EC3CFC1A6D98",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5595E484-647C-4F85-94AB-5A4D55CD766B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
                    "matchCriteriaId": "14DF1463-F23F-465F-8A35-D550A7438CB6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*",
                    "matchCriteriaId": "02E6A767-B9A5-4054-BE70-286E0A464248",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
                    "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redhat:mrg_realtime:1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04A20072-7DB7-4079-9456-E2CE98F888E7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F2976D5-83A5-4A52-A1E6-D0E17F23FD62",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4DD6917D-FE03-487F-9F2C-A79B5FCFBC5A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "397313C3-6BF5-4A87-90B3-55678E807171",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E2FE6DAA-4702-409A-98B6-DE13B12805A1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
          },
          {
            "lang": "es",
            "value": "M\u00faltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a  v2.6.32-rc6 permite a usuarios locales producir una denegaci\u00f3n de servicio )desreferencia a puntero NULL y ca\u00edda del sistema) o conseguir privilegios mediante la apertura de un canal an\u00f3nimo en la ruta /proc/*/fd/."
          }
        ],
        "id": "CVE-2009-3547",
        "lastModified": "2024-02-15T21:12:00.877",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.9,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 3.4,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.0,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2009-11-04T15:30:00.640",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Mailing List"
            ],
            "url": "http://lkml.org/lkml/2009/10/14/184"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "http://lkml.org/lkml/2009/10/21/42"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/37351"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/38017"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/36901"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-864-1"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-362"
              },
              {
                "lang": "en",
                "value": "CWE-476"
              },
              {
                "lang": "en",
                "value": "CWE-672"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3547 (GCVE-0-2009-3547)

CERTA-2010-AVI-106

Description

Solution

CERTA-2010-AVI-293

Description

Solution

CERTA-2009-AVI-475

Description

Solution

FKIE_CVE-2009-3547

GHSA-QF89-P9HJ-7H7G

GSD-2009-3547

Tags

Sightings

Nomenclature