Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2692

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Published

2009-08-14T15:16:27.500

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-908

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 2.4.37.5	Yes
Operating System	linux	linux_kernel	< 2.6.30.5	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	suse	linux_enterprise_real_time	10	Yes
Operating System	redhat	enterprise_linux_desktop	4.0	Yes
Operating System	redhat	enterprise_linux_desktop	5.0	Yes
Operating System	redhat	enterprise_linux_eus	4.8	Yes
Operating System	redhat	enterprise_linux_eus	5.3	Yes
Operating System	redhat	enterprise_linux_server	4.0	Yes
Operating System	redhat	enterprise_linux_server	5.0	Yes
Operating System	redhat	enterprise_linux_server_aus	5.3	Yes
Operating System	redhat	enterprise_linux_workstation	4.0	Yes
Operating System	redhat	enterprise_linux_workstation	5.0	Yes

References

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html Broken Link, Exploit ([email protected])
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html Exploit, Issue Tracking ([email protected])
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3 Broken Link ([email protected])
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98 Broken Link ([email protected])
http://grsecurity.net/~spender/wunderbar_emporium.tgz Broken Link ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html Mailing List ([email protected])
http://rhn.redhat.com/errata/RHSA-2009-1222.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2009-1223.html Third Party Advisory ([email protected])
http://secunia.com/advisories/36278 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/36289 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/36327 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/36430 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/37298 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/37471 Broken Link, Vendor Advisory ([email protected])
http://support.avaya.com/css/P8/documents/100067254 Third Party Advisory ([email protected])
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1865 Mailing List, Third Party Advisory ([email protected])
http://www.exploit-db.com/exploits/19933 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.exploit-db.com/exploits/9477 Third Party Advisory, VDB Entry ([email protected])
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5 Broken Link, Vendor Advisory ([email protected])
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 Broken Link, Vendor Advisory ([email protected])
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 Broken Link, Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2009/08/14/1 Mailing List, Patch ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-1233.html Broken Link ([email protected])
http://www.securityfocus.com/archive/1/505751/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/505912/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/507985/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/512019/100/0/threaded Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/36038 Broken Link, Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/2272 Broken Link, Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/3316 Broken Link, Vendor Advisory ([email protected])
http://zenthought.org/content/file/android-root-2009-08-16-source Broken Link ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=516949 Issue Tracking, Patch ([email protected])
https://issues.rpath.com/browse/RPL-3103 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 Broken Link ([email protected])
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html Broken Link, Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://grsecurity.net/~spender/wunderbar_emporium.tgz Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2009-1222.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2009-1223.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36278 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36289 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36327 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36430 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37298 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37471 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/css/P8/documents/100067254 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1865 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/19933 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/9477 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/08/14/1 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-1233.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/505751/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/505912/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507985/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/512019/100/0/threaded Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/36038 Broken Link, Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/2272 Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3316 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://zenthought.org/content/file/android-root-2009-08-16-source Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=516949 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-3103 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 Broken Link (af854a3a-2127-422b-91ae-364da2661108)