Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2187

Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages.

Security Impact Summary

CVE-2009-2187 is a security vulnerability that . Impacting 2 products from sun, from sun organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2009, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2009-06-25T01:30:01.843

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sun	opensolaris	snv_67	Yes
Operating System	sun	opensolaris	snv_68	Yes
Operating System	sun	opensolaris	snv_69	Yes
Operating System	sun	opensolaris	snv_70	Yes
Operating System	sun	opensolaris	snv_71	Yes
Operating System	sun	opensolaris	snv_72	Yes
Operating System	sun	opensolaris	snv_73	Yes
Operating System	sun	opensolaris	snv_74	Yes
Operating System	sun	opensolaris	snv_75	Yes
Operating System	sun	opensolaris	snv_76	Yes
Operating System	sun	opensolaris	snv_77	Yes
Operating System	sun	opensolaris	snv_78	Yes
Operating System	sun	opensolaris	snv_79	Yes
Operating System	sun	opensolaris	snv_80	Yes
Operating System	sun	opensolaris	snv_81	Yes
Operating System	sun	opensolaris	snv_82	Yes
Operating System	sun	opensolaris	snv_83	Yes
Operating System	sun	opensolaris	snv_84	Yes
Operating System	sun	opensolaris	snv_85	Yes
Operating System	sun	opensolaris	snv_86	Yes
Operating System	sun	opensolaris	snv_87	Yes
Operating System	sun	opensolaris	snv_88	Yes
Operating System	sun	opensolaris	snv_89	Yes
Operating System	sun	opensolaris	snv_90	Yes
Operating System	sun	opensolaris	snv_91	Yes
Operating System	sun	opensolaris	snv_92	Yes
Operating System	sun	opensolaris	snv_93	Yes
Operating System	sun	solaris	10.0	Yes
Operating System	sun	opensolaris	snv_67	Yes
Operating System	sun	opensolaris	snv_68	Yes
Operating System	sun	opensolaris	snv_69	Yes
Operating System	sun	opensolaris	snv_70	Yes
Operating System	sun	opensolaris	snv_71	Yes
Operating System	sun	opensolaris	snv_72	Yes
Operating System	sun	opensolaris	snv_73	Yes
Operating System	sun	opensolaris	snv_74	Yes
Operating System	sun	opensolaris	snv_75	Yes
Operating System	sun	opensolaris	snv_76	Yes
Operating System	sun	opensolaris	snv_77	Yes
Operating System	sun	opensolaris	snv_78	Yes
Operating System	sun	opensolaris	snv_79	Yes
Operating System	sun	opensolaris	snv_80	Yes
Operating System	sun	opensolaris	snv_81	Yes
Operating System	sun	opensolaris	snv_82	Yes
Operating System	sun	opensolaris	snv_83	Yes
Operating System	sun	opensolaris	snv_84	Yes
Operating System	sun	opensolaris	snv_85	Yes
Operating System	sun	opensolaris	snv_86	Yes
Operating System	sun	opensolaris	snv_87	Yes
Operating System	sun	opensolaris	snv_88	Yes
Operating System	sun	opensolaris	snv_89	Yes
Operating System	sun	opensolaris	snv_90	Yes
Operating System	sun	opensolaris	snv_91	Yes
Operating System	sun	opensolaris	snv_92	Yes
Operating System	sun	opensolaris	snv_93	Yes
Operating System	sun	solaris	10.0	Yes

References

http://bugs.opensolaris.org/view_bug.do?bug_id=6709252 ([email protected])
http://bugs.opensolaris.org/view_bug.do?bug_id=6731600 Exploit ([email protected])
http://secunia.com/advisories/35552 Vendor Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-01-1 Patch ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262408-1 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/35474 Patch ([email protected])
http://bugs.opensolaris.org/view_bug.do?bug_id=6709252 (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.opensolaris.org/view_bug.do?bug_id=6731600 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35552 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-01-1 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262408-1 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35474 Patch (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For sun's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.