Vulnerabilites related to vmware - vma
CVE-2009-2848 (GCVE-0-2009-2848)
Vulnerability from cvelistv5
Published
2009-08-18 20:41
Modified
2024-08-07 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "USN-852-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "RHSA-2009:1243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"name": "36759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "37351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37351"
},
{
"name": "SUSE-SA:2009:056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"name": "SUSE-SA:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:9766",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766"
},
{
"name": "oval:org.mitre.oval:def:11412",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "36562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36562"
},
{
"name": "FEDORA-2009-9044",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"name": "kernel-execve-dos(52899)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899"
},
{
"name": "[linux-kernel] 20090801 [PATCH v2] execve: must clear current-\u003eclear_child_tid",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.kernel/871942"
},
{
"name": "35983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35983"
},
{
"name": "RHSA-2009:1550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"name": "36501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36501"
},
{
"name": "oval:org.mitre.oval:def:8598",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598"
},
{
"name": "[oss-security] 20090804 CVE request - kernel: execve: must clear current-\u003eclear_child_tid",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/2"
},
{
"name": "[oss-security] 20090805 Re: CVE request - kernel: execve: must clear current-\u003eclear_child_tid",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/05/10"
},
{
"name": "RHSA-2009:1438",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name": "SUSE-SA:2009:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current-\u003eclear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "USN-852-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "RHSA-2009:1243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"name": "36759",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "37351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37351"
},
{
"name": "SUSE-SA:2009:056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"name": "SUSE-SA:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:9766",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766"
},
{
"name": "oval:org.mitre.oval:def:11412",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "36562",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36562"
},
{
"name": "FEDORA-2009-9044",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"name": "kernel-execve-dos(52899)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899"
},
{
"name": "[linux-kernel] 20090801 [PATCH v2] execve: must clear current-\u003eclear_child_tid",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.linux.kernel/871942"
},
{
"name": "35983",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35983"
},
{
"name": "RHSA-2009:1550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"name": "36501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36501"
},
{
"name": "oval:org.mitre.oval:def:8598",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598"
},
{
"name": "[oss-security] 20090804 CVE request - kernel: execve: must clear current-\u003eclear_child_tid",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/2"
},
{
"name": "[oss-security] 20090805 Re: CVE request - kernel: execve: must clear current-\u003eclear_child_tid",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/05/10"
},
{
"name": "RHSA-2009:1438",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name": "SUSE-SA:2009:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current-\u003eclear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "USN-852-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"name": "RHSA-2009:1243",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"name": "36759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36759"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "37351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37351"
},
{
"name": "SUSE-SA:2009:056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"name": "SUSE-SA:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:9766",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766"
},
{
"name": "oval:org.mitre.oval:def:11412",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "36562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36562"
},
{
"name": "FEDORA-2009-9044",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"name": "kernel-execve-dos(52899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899"
},
{
"name": "[linux-kernel] 20090801 [PATCH v2] execve: must clear current-\u003eclear_child_tid",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.linux.kernel/871942"
},
{
"name": "35983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35983"
},
{
"name": "RHSA-2009:1550",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"name": "36501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36501"
},
{
"name": "oval:org.mitre.oval:def:8598",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598"
},
{
"name": "[oss-security] 20090804 CVE request - kernel: execve: must clear current-\u003eclear_child_tid",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/2"
},
{
"name": "[oss-security] 20090805 Re: CVE request - kernel: execve: must clear current-\u003eclear_child_tid",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/05/10"
},
{
"name": "RHSA-2009:1438",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"name": "SUSE-SA:2009:054",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2848",
"datePublished": "2009-08-18T20:41:00",
"dateReserved": "2009-08-18T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0778 (GCVE-0-2009-0778)
Vulnerability from cvelistv5
Published
2009-03-12 15:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:0326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "33758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33758"
},
{
"name": "oval:org.mitre.oval:def:10215",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:7867",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"name": "1021958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"name": "linux-kernel-rtcache-dos(49199)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "34084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2009:0326",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "33758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33758"
},
{
"name": "oval:org.mitre.oval:def:10215",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:7867",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"name": "[oss-security] 20090311 CVE-2009-0778 kernel: rt_cache leak",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"name": "1021958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"name": "linux-kernel-rtcache-dos(49199)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "34084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34084"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0778",
"datePublished": "2009-03-12T15:00:00",
"dateReserved": "2009-03-03T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1072 (GCVE-0-2009-1072)
Vulnerability from cvelistv5
Published
2009-03-25 01:00
Modified
2024-08-07 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35343"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35390",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35343"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35394"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35390"
},
{
"name": "34432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34432"
},
{
"name": "34422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34422"
},
{
"name": "ADV-2009-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "34786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34786"
},
{
"name": "[oss-security] 20090323 CVE request: kernel: nfsd did not drop CAP_MKNOD for non-root",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"name": "34205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34205"
},
{
"name": "SUSE-SA:2009:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "35656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35656"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "[linux-kernel] 20090311 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?",
"refsource": "MLIST",
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"name": "SUSE-SA:2009:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"name": "35185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35185"
},
{
"name": "oval:org.mitre.oval:def:10314",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"name": "SUSE-SA:2009:031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"name": "SUSE-SA:2009:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"name": "USN-793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"name": "RHSA-2009:1081",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"name": "DSA-1800",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"name": "35343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35343"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "linux-kernel-capmknod-security-bypass(49356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"name": "35121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35121"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "35394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35394"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1072",
"datePublished": "2009-03-25T01:00:00",
"dateReserved": "2009-03-24T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3547 (GCVE-0-2009-3547)
Vulnerability from cvelistv5
Published
2009-11-04 15:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
},
{
"name": "RHSA-2009:1672",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "36901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
},
{
"name": "RHSA-2009:1540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"name": "USN-864-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lkml.org/lkml/2009/10/21/42"
},
{
"name": "SUSE-SA:2010:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"name": "RHSA-2009:1541",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
},
{
"name": "MDVSA-2009:329",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"name": "37351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37351"
},
{
"name": "SUSE-SA:2009:056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"name": "SUSE-SA:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:7608",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
},
{
"name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
},
{
"name": "RHSA-2009:1548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lkml.org/lkml/2009/10/14/184"
},
{
"name": "RHSA-2009:1550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
},
{
"name": "oval:org.mitre.oval:def:9327",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
},
{
"name": "SUSE-SA:2009:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
},
{
"name": "38017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38017"
},
{
"name": "FEDORA-2009-11038",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11513",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
},
{
"name": "RHSA-2009:1672",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
},
{
"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"name": "36901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
},
{
"name": "RHSA-2009:1540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"name": "USN-864-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "[linux-kernel] 20091021 Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lkml.org/lkml/2009/10/21/42"
},
{
"name": "SUSE-SA:2010:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"name": "RHSA-2009:1541",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
},
{
"name": "MDVSA-2009:329",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"name": "37351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37351"
},
{
"name": "SUSE-SA:2009:056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"name": "SUSE-SA:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:7608",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
},
{
"name": "[oss-security] 20091103 CVE-2009-3547 kernel: fs: pipe.c null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
},
{
"name": "RHSA-2009:1548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "[linux-kernel] 20091014 fs/pipe.c null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lkml.org/lkml/2009/10/14/184"
},
{
"name": "RHSA-2009:1550",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
},
{
"name": "oval:org.mitre.oval:def:9327",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
},
{
"name": "SUSE-SA:2009:054",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
},
{
"name": "38017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38017"
},
{
"name": "FEDORA-2009-11038",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3547",
"datePublished": "2009-11-04T15:00:00",
"dateReserved": "2009-10-05T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2752 (GCVE-0-2012-2752)
Vulnerability from cvelistv5
Published
2012-06-01 20:00
Modified
2024-08-06 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027099",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0010.html"
},
{
"name": "49300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49300"
},
{
"name": "53697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53697"
},
{
"name": "82276",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/82276"
},
{
"name": "49322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49322"
},
{
"name": "vmware-vma-unspec-priv-esc(75891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027099",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0010.html"
},
{
"name": "49300",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49300"
},
{
"name": "53697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53697"
},
{
"name": "82276",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/82276"
},
{
"name": "49322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49322"
},
{
"name": "vmware-vma-unspec-priv-esc(75891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027099"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0010.html"
},
{
"name": "49300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49300"
},
{
"name": "53697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53697"
},
{
"name": "82276",
"refsource": "OSVDB",
"url": "http://osvdb.org/82276"
},
{
"name": "49322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49322"
},
{
"name": "vmware-vma-unspec-priv-esc(75891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2752",
"datePublished": "2012-06-01T20:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:32.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2416 (GCVE-0-2009-2416)
Vulnerability from cvelistv5
Published
2009-08-11 18:00
Modified
2025-01-21 15:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-815-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"name": "FEDORA-2009-8491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"name": "36631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36631"
},
{
"name": "oval:org.mitre.oval:def:9262",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"name": "APPLE-SA-2009-11-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"name": "ADV-2009-3217",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "ADV-2009-2420",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"name": "FEDORA-2009-8580",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36417"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"name": "36010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"name": "35036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35036"
},
{
"name": "36338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36338"
},
{
"name": "FEDORA-2009-8498",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"name": "oval:org.mitre.oval:def:7783",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "DSA-1859",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "37346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37346"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "36207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36207"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-2416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T15:40:41.228438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T15:30:42.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-815-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"name": "FEDORA-2009-8491",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"name": "36631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36631"
},
{
"name": "oval:org.mitre.oval:def:9262",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"name": "APPLE-SA-2009-11-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"name": "ADV-2009-3217",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "ADV-2009-2420",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"name": "FEDORA-2009-8580",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36417"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "SUSE-SR:2009:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"name": "36010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"name": "35036",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35036"
},
{
"name": "36338",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36338"
},
{
"name": "FEDORA-2009-8498",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"name": "oval:org.mitre.oval:def:7783",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"name": "ADV-2009-3184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "DSA-1859",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"name": "APPLE-SA-2009-11-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "37346",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37346"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "36207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36207"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-2416",
"datePublished": "2009-08-11T18:00:00",
"dateReserved": "2009-07-09T00:00:00",
"dateUpdated": "2025-01-21T15:30:42.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3621 (GCVE-0-2009-3621)
Vulnerability from cvelistv5
Published
2009-10-22 15:26
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20091019 CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=529626"
},
{
"name": "[linux-kernel] 20091019 Re: [PATCH] AF_UNIX: Fix deadlock on connecting to shutdown socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lkml.org/lkml/2009/10/19/50"
},
{
"name": "RHSA-2009:1671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
},
{
"name": "[oss-security] 20091019 Re: CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/4"
},
{
"name": "RHSA-2009:1540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"name": "SUSE-SA:2009:061",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"name": "USN-864-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "SUSE-SA:2010:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"name": "MDVSA-2009:329",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"name": "SUSE-SA:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675"
},
{
"name": "37909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37909"
},
{
"name": "oval:org.mitre.oval:def:9921",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://patchwork.kernel.org/patch/54678/"
},
{
"name": "RHSA-2009:1670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
},
{
"name": "SUSE-SA:2009:064",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "oval:org.mitre.oval:def:6895",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895"
},
{
"name": "SUSE-SA:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
},
{
"name": "37086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37086"
},
{
"name": "38017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38017"
},
{
"name": "FEDORA-2009-11038",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20091019 CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=529626"
},
{
"name": "[linux-kernel] 20091019 Re: [PATCH] AF_UNIX: Fix deadlock on connecting to shutdown socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lkml.org/lkml/2009/10/19/50"
},
{
"name": "RHSA-2009:1671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
},
{
"name": "[oss-security] 20091019 Re: CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/4"
},
{
"name": "RHSA-2009:1540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"name": "SUSE-SA:2009:061",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"name": "USN-864-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "SUSE-SA:2010:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"name": "MDVSA-2009:329",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"name": "SUSE-SA:2010:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675"
},
{
"name": "37909",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37909"
},
{
"name": "oval:org.mitre.oval:def:9921",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://patchwork.kernel.org/patch/54678/"
},
{
"name": "RHSA-2009:1670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
},
{
"name": "SUSE-SA:2009:064",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "oval:org.mitre.oval:def:6895",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895"
},
{
"name": "SUSE-SA:2010:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
},
{
"name": "37086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37086"
},
{
"name": "38017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38017"
},
{
"name": "FEDORA-2009-11038",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3621",
"datePublished": "2009-10-22T15:26:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-10-22 16:00
Modified
2025-04-09 00:30
Severity ?
Summary
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675 | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.vmware.com/pipermail/security-announce/2010/000082.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lkml.org/lkml/2009/10/19/50 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://patchwork.kernel.org/patch/54678/ | Exploit, Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37086 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/37909 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/38017 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/38794 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/38834 | Broken Link | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 | Broken Link | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/10/19/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/10/19/4 | Exploit, Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1670.html | Broken Link | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1671.html | Broken Link | |
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-864-1 | Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0528 | Broken Link | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=529626 | Exploit, Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895 | Third Party Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921 | Third Party Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1540.html | Third Party Advisory | |
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000082.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lkml.org/lkml/2009/10/19/50 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://patchwork.kernel.org/patch/54678/ | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37086 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37909 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38017 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38794 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38834 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/10/19/2 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/10/19/4 | Exploit, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1670.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1671.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-864-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0528 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=529626 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1540.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| canonical | ubuntu_linux | 9.10 | |
| fedoraproject | fedora | 10 | |
| opensuse | opensuse | 11.0 | |
| opensuse | opensuse | 11.2 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| vmware | vma | 4.0 | |
| vmware | esx | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3D7715A-8ED8-48D3-B467-CFC9430B6D45",
"versionEndIncluding": "2.6.31.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "14DF1463-F23F-465F-8A35-D550A7438CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F140C5CF-5141-4F8D-B667-522A698AC632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "02E6A767-B9A5-4054-BE70-286E0A464248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A516C153-239B-4F41-88B4-8B8D4F92115C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket."
},
{
"lang": "es",
"value": "net/unix/af_unix.c en el kernel de Linux v2.6.31.4 y anteriores permite a usuarios locales causar una denegaci\u00f3n de servicio (el servidor se bloquea) creando un socket abstract-namespace AF_UNIX y realizando una operaci\u00f3n de apagado en ese socket, para luego luego realizar una serie de operaciones de conexi\u00f3n en dicho socket."
}
],
"id": "CVE-2009-3621",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-10-22T16:00:00.640",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lkml.org/lkml/2009/10/19/50"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://patchwork.kernel.org/patch/54678/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37086"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37909"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38017"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38794"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38834"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=529626"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lkml.org/lkml/2009/10/19/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://patchwork.kernel.org/patch/54678/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/19/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1671.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=529626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3621\n\nThis issue has been rated as having moderate security impact.\n\nIt was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1671.html , https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.\n\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.\n\nFor further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/",
"lastModified": "2009-12-17T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-12 15:20
Modified
2025-04-09 00:30
Severity ?
Summary
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 | ||
| secalert@redhat.com | http://openwall.com/lists/oss-security/2009/03/11/2 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/33758 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/37471 | Broken Link | |
| secalert@redhat.com | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 | Broken Link | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0326.html | Broken Link | |
| secalert@redhat.com | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/34084 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id?1021958 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=485163 | Exploit, Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/49199 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215 | Third Party Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/03/11/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33758 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37471 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0326.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34084 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1021958 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=485163 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49199 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.0 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.1 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.2 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.3 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.4 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.5 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.6 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.7 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8 | |
| linux | linux_kernel | 2.6.8.1 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.9 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.10 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11 | |
| linux | linux_kernel | 2.6.11.1 | |
| linux | linux_kernel | 2.6.11.2 | |
| linux | linux_kernel | 2.6.11.3 | |
| linux | linux_kernel | 2.6.11.4 | |
| linux | linux_kernel | 2.6.11.5 | |
| linux | linux_kernel | 2.6.11.6 | |
| linux | linux_kernel | 2.6.11.7 | |
| linux | linux_kernel | 2.6.11.8 | |
| linux | linux_kernel | 2.6.11.9 | |
| linux | linux_kernel | 2.6.11.10 | |
| linux | linux_kernel | 2.6.11.11 | |
| linux | linux_kernel | 2.6.11.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12 | |
| linux | linux_kernel | 2.6.12.1 | |
| linux | linux_kernel | 2.6.12.2 | |
| linux | linux_kernel | 2.6.12.3 | |
| linux | linux_kernel | 2.6.12.4 | |
| linux | linux_kernel | 2.6.12.5 | |
| linux | linux_kernel | 2.6.12.6 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13 | |
| linux | linux_kernel | 2.6.13.1 | |
| linux | linux_kernel | 2.6.13.2 | |
| linux | linux_kernel | 2.6.13.3 | |
| linux | linux_kernel | 2.6.13.4 | |
| linux | linux_kernel | 2.6.13.5 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14 | |
| linux | linux_kernel | 2.6.14.1 | |
| linux | linux_kernel | 2.6.14.2 | |
| linux | linux_kernel | 2.6.14.3 | |
| linux | linux_kernel | 2.6.14.4 | |
| linux | linux_kernel | 2.6.14.5 | |
| linux | linux_kernel | 2.6.14.6 | |
| linux | linux_kernel | 2.6.14.7 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15 | |
| linux | linux_kernel | 2.6.15.1 | |
| linux | linux_kernel | 2.6.15.2 | |
| linux | linux_kernel | 2.6.15.3 | |
| linux | linux_kernel | 2.6.15.4 | |
| linux | linux_kernel | 2.6.15.5 | |
| linux | linux_kernel | 2.6.15.6 | |
| linux | linux_kernel | 2.6.15.7 | |
| linux | linux_kernel | 2.6.15.8 | |
| linux | linux_kernel | 2.6.15.9 | |
| linux | linux_kernel | 2.6.15.10 | |
| linux | linux_kernel | 2.6.15.11 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16 | |
| linux | linux_kernel | 2.6.16.1 | |
| linux | linux_kernel | 2.6.16.2 | |
| linux | linux_kernel | 2.6.16.3 | |
| linux | linux_kernel | 2.6.16.4 | |
| linux | linux_kernel | 2.6.16.5 | |
| linux | linux_kernel | 2.6.16.6 | |
| linux | linux_kernel | 2.6.16.7 | |
| linux | linux_kernel | 2.6.16.8 | |
| linux | linux_kernel | 2.6.16.9 | |
| linux | linux_kernel | 2.6.16.10 | |
| linux | linux_kernel | 2.6.16.11 | |
| linux | linux_kernel | 2.6.16.12 | |
| linux | linux_kernel | 2.6.16.13 | |
| linux | linux_kernel | 2.6.16.14 | |
| linux | linux_kernel | 2.6.16.15 | |
| linux | linux_kernel | 2.6.16.16 | |
| linux | linux_kernel | 2.6.16.17 | |
| linux | linux_kernel | 2.6.16.18 | |
| linux | linux_kernel | 2.6.16.19 | |
| linux | linux_kernel | 2.6.16.20 | |
| linux | linux_kernel | 2.6.16.21 | |
| linux | linux_kernel | 2.6.16.22 | |
| linux | linux_kernel | 2.6.16.23 | |
| linux | linux_kernel | 2.6.16.24 | |
| linux | linux_kernel | 2.6.16.25 | |
| linux | linux_kernel | 2.6.16.26 | |
| linux | linux_kernel | 2.6.16.27 | |
| linux | linux_kernel | 2.6.16.28 | |
| linux | linux_kernel | 2.6.16.29 | |
| linux | linux_kernel | 2.6.16.30 | |
| linux | linux_kernel | 2.6.16.31 | |
| linux | linux_kernel | 2.6.16.32 | |
| linux | linux_kernel | 2.6.16.33 | |
| linux | linux_kernel | 2.6.16.34 | |
| linux | linux_kernel | 2.6.16.35 | |
| linux | linux_kernel | 2.6.16.36 | |
| linux | linux_kernel | 2.6.16.37 | |
| linux | linux_kernel | 2.6.16.38 | |
| linux | linux_kernel | 2.6.16.39 | |
| linux | linux_kernel | 2.6.16.40 | |
| linux | linux_kernel | 2.6.16.41 | |
| linux | linux_kernel | 2.6.16.42 | |
| linux | linux_kernel | 2.6.16.43 | |
| linux | linux_kernel | 2.6.16.44 | |
| linux | linux_kernel | 2.6.16.45 | |
| linux | linux_kernel | 2.6.16.46 | |
| linux | linux_kernel | 2.6.16.47 | |
| linux | linux_kernel | 2.6.16.48 | |
| linux | linux_kernel | 2.6.16.49 | |
| linux | linux_kernel | 2.6.16.50 | |
| linux | linux_kernel | 2.6.16.51 | |
| linux | linux_kernel | 2.6.16.52 | |
| linux | linux_kernel | 2.6.16.53 | |
| linux | linux_kernel | 2.6.16.54 | |
| linux | linux_kernel | 2.6.16.55 | |
| linux | linux_kernel | 2.6.16.56 | |
| linux | linux_kernel | 2.6.16.57 | |
| linux | linux_kernel | 2.6.16.58 | |
| linux | linux_kernel | 2.6.16.59 | |
| linux | linux_kernel | 2.6.16.60 | |
| linux | linux_kernel | 2.6.16.61 | |
| linux | linux_kernel | 2.6.16.62 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17 | |
| linux | linux_kernel | 2.6.17.1 | |
| linux | linux_kernel | 2.6.17.2 | |
| linux | linux_kernel | 2.6.17.3 | |
| linux | linux_kernel | 2.6.17.4 | |
| linux | linux_kernel | 2.6.17.5 | |
| linux | linux_kernel | 2.6.17.6 | |
| linux | linux_kernel | 2.6.17.7 | |
| linux | linux_kernel | 2.6.17.8 | |
| linux | linux_kernel | 2.6.17.9 | |
| linux | linux_kernel | 2.6.17.10 | |
| linux | linux_kernel | 2.6.17.11 | |
| linux | linux_kernel | 2.6.17.12 | |
| linux | linux_kernel | 2.6.17.13 | |
| linux | linux_kernel | 2.6.17.14 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18 | |
| linux | linux_kernel | 2.6.18.1 | |
| linux | linux_kernel | 2.6.18.2 | |
| linux | linux_kernel | 2.6.18.3 | |
| linux | linux_kernel | 2.6.18.4 | |
| linux | linux_kernel | 2.6.18.5 | |
| linux | linux_kernel | 2.6.18.6 | |
| linux | linux_kernel | 2.6.18.7 | |
| linux | linux_kernel | 2.6.18.8 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19 | |
| linux | linux_kernel | 2.6.19.1 | |
| linux | linux_kernel | 2.6.19.2 | |
| linux | linux_kernel | 2.6.19.3 | |
| linux | linux_kernel | 2.6.19.4 | |
| linux | linux_kernel | 2.6.19.5 | |
| linux | linux_kernel | 2.6.19.6 | |
| linux | linux_kernel | 2.6.19.7 | |
| linux | linux_kernel | 2.6.20 | |
| linux | linux_kernel | 2.6.20 | |
| linux | linux_kernel | 2.6.20.1 | |
| linux | linux_kernel | 2.6.20.2 | |
| linux | linux_kernel | 2.6.20.3 | |
| linux | linux_kernel | 2.6.20.4 | |
| linux | linux_kernel | 2.6.20.5 | |
| linux | linux_kernel | 2.6.20.6 | |
| linux | linux_kernel | 2.6.20.7 | |
| linux | linux_kernel | 2.6.20.8 | |
| linux | linux_kernel | 2.6.20.9 | |
| linux | linux_kernel | 2.6.20.10 | |
| linux | linux_kernel | 2.6.20.11 | |
| linux | linux_kernel | 2.6.20.12 | |
| linux | linux_kernel | 2.6.20.13 | |
| linux | linux_kernel | 2.6.20.14 | |
| linux | linux_kernel | 2.6.20.15 | |
| linux | linux_kernel | 2.6.20.16 | |
| linux | linux_kernel | 2.6.20.17 | |
| linux | linux_kernel | 2.6.20.18 | |
| linux | linux_kernel | 2.6.20.19 | |
| linux | linux_kernel | 2.6.20.20 | |
| linux | linux_kernel | 2.6.20.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21 | |
| linux | linux_kernel | 2.6.21.1 | |
| linux | linux_kernel | 2.6.21.2 | |
| linux | linux_kernel | 2.6.21.3 | |
| linux | linux_kernel | 2.6.21.4 | |
| linux | linux_kernel | 2.6.21.5 | |
| linux | linux_kernel | 2.6.21.6 | |
| linux | linux_kernel | 2.6.21.7 | |
| linux | linux_kernel | 2.6.22 | |
| linux | linux_kernel | 2.6.22 | |
| linux | linux_kernel | 2.6.22.1 | |
| linux | linux_kernel | 2.6.22.2 | |
| linux | linux_kernel | 2.6.22.3 | |
| linux | linux_kernel | 2.6.22.4 | |
| linux | linux_kernel | 2.6.22.5 | |
| linux | linux_kernel | 2.6.22.6 | |
| linux | linux_kernel | 2.6.22.7 | |
| linux | linux_kernel | 2.6.22.8 | |
| linux | linux_kernel | 2.6.22.9 | |
| linux | linux_kernel | 2.6.22.10 | |
| linux | linux_kernel | 2.6.22.11 | |
| linux | linux_kernel | 2.6.22.12 | |
| linux | linux_kernel | 2.6.22.13 | |
| linux | linux_kernel | 2.6.22.14 | |
| linux | linux_kernel | 2.6.22.15 | |
| linux | linux_kernel | 2.6.22.16 | |
| linux | linux_kernel | 2.6.22.17 | |
| linux | linux_kernel | 2.6.22.18 | |
| linux | linux_kernel | 2.6.22.19 | |
| linux | linux_kernel | 2.6.22.20 | |
| linux | linux_kernel | 2.6.23 | |
| linux | linux_kernel | 2.6.23 | |
| linux | linux_kernel | 2.6.23 | |
| linux | linux_kernel | 2.6.23.1 | |
| linux | linux_kernel | 2.6.23.2 | |
| linux | linux_kernel | 2.6.23.3 | |
| linux | linux_kernel | 2.6.23.4 | |
| linux | linux_kernel | 2.6.23.5 | |
| linux | linux_kernel | 2.6.23.6 | |
| linux | linux_kernel | 2.6.23.8 | |
| linux | linux_kernel | 2.6.23.9 | |
| linux | linux_kernel | 2.6.23.10 | |
| linux | linux_kernel | 2.6.23.11 | |
| linux | linux_kernel | 2.6.23.12 | |
| linux | linux_kernel | 2.6.23.13 | |
| linux | linux_kernel | 2.6.23.14 | |
| linux | linux_kernel | 2.6.23.15 | |
| linux | linux_kernel | 2.6.23.16 | |
| linux | linux_kernel | 2.6.23.17 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24 | |
| linux | linux_kernel | 2.6.24.1 | |
| linux | linux_kernel | 2.6.24.2 | |
| linux | linux_kernel | 2.6.24.3 | |
| linux | linux_kernel | 2.6.24.4 | |
| linux | linux_kernel | 2.6.24.5 | |
| linux | linux_kernel | 2.6.24.6 | |
| vmware | vcenter | 4.0 | |
| vmware | virtualcenter | 2.0.2 | |
| vmware | virtualcenter | 2.5 | |
| microsoft | windows | - | |
| vmware | server | 2.0.0 | |
| vmware | esx | 2.5.5 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | vma | 4.0 | |
| redhat | enterprise_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4298B94-7040-4CC0-8933-61CE1D967FB7",
"versionEndIncluding": "2.6.24.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*",
"matchCriteriaId": "7BCA84E2-AC4A-430D-8A30-E660D2A232A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*",
"matchCriteriaId": "2255842B-34CD-4062-886C-37161A065703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*",
"matchCriteriaId": "F0ED322D-004C-472E-A37F-89B78C55FE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*",
"matchCriteriaId": "412F7334-C46B-4F61-B38A-2CA56B498151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*",
"matchCriteriaId": "5967AF83-798D-4B1E-882A-5737FFC859C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*",
"matchCriteriaId": "A90D2123-D55B-4104-8D82-5B6365AA3B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*",
"matchCriteriaId": "DCCDFD49-D402-420E-92F5-20445A0FE139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*",
"matchCriteriaId": "2A073700-E8A9-4F76-9265-2BE0D5AC9909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*",
"matchCriteriaId": "8877D178-1655-46E9-8F5A-2DD576601F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*",
"matchCriteriaId": "0D55059C-B867-4E0F-B29C-9CD2C86915A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*",
"matchCriteriaId": "8358E965-3689-4B05-8470-C4A1463FA0E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8220D81-9065-471F-9256-CFE7B9941555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D2A55C17-C530-4898-BC95-DE4D495F0D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2C14A949-E2B8-4100-8ED4-645CB996B08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "81941077-0011-4272-A8C7-21D0AFE7DECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB445E3E-CCBD-4737-BE30-841B9A79D558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9B2EDDD7-5B3E-45AA-BC42-A6FF516B8F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "02F89C7A-24F2-4518-A605-78A5B7056A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "2C43BA02-0686-42F0-B901-4CB88459E2D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F5301E27-8021-467C-A9A2-AF2137EF0299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "59393187-1D1E-45CD-BE0E-385F978E4834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D0CCDF6B-0365-4553-B161-3F6D68A58F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A9B2BB71-0489-40F6-9CB6-A95B96E92106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.3:rc4:*:*:*:*:*:*",
"matchCriteriaId": "842ECCE2-60F0-41C0-9EAA-A43AF97F61AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79787868-2D77-4B55-AD61-C2B357CCE047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "05F0391C-D4CC-4652-A24C-DC47F4C3DC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "56340FF9-EE77-4EB3-9720-240FAAEF39F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "79EB0E94-6AE8-4703-96BD-B927E0F2893F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3F27D3-8F1D-4576-A584-1E2059CC67B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8A1F1242-0F07-4D81-9175-3BA5B2C7B564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3ECBCF2E-95B3-4BE9-9B93-6390AB578C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1CF4EC75-06A2-4BD4-A39A-183F00C46E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5D260C-AE1C-47E9-A88C-B9C2B4349249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0934C49-5F88-4189-BD88-2F32C39C2F25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DFC3618C-FBE8-4F7C-BECE-F2CDDF785599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "A6501752-2595-4412-9140-C78EB9FD41CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9958C6-AB7D-4B67-9AA7-42B628CBC391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:rc1:*:*:*:*:*:*",
"matchCriteriaId": "14B0A230-4054-4483-A3A7-9A5A286C7552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0D78F881-DB3A-423A-8DAD-314645B2B3EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.7:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D77D4CC4-7008-4E6F-A8CA-62DA244BB3AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C16E3D04-EC66-41FD-9CFA-FE0C21952CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F90242EF-048B-4539-AA41-87AA84875A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3C4E9325-2A70-4E15-9AAF-5588BF218055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "01402A85-B681-4DE0-B7BB-F52567DA29E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "70D1E088-5A9B-4CBF-A4FF-969201942CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "455E647F-73DD-400A-AA19-3D93FE2E57AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B812DFE2-6FFA-4D31-839C-0CCB2B1310EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC106BDA-2EA4-41A2-AA01-6352A5C255B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB515243-7519-4CA4-9267-D9A6798CBC49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B672E1B6-E8E9-473F-853F-906EA56D712E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.9:rc4:*:*:*:*:*:*",
"matchCriteriaId": "0EA23C4F-0848-4680-ACB0-CBC57D3F8C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CDE1E92-C64D-4A3B-95A2-384BD772B28B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F727CD3-D3C2-4648-9EC5-092DF3F73B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4B130EB7-A951-4717-A906-E2F602F7B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D1765065-ABE5-478C-9ACC-EFFA8E4A7043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9D90502F-EC45-4ADC-9428-B94346DA660B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D8DE0233-BE28-4C0A-B9FB-2157F41F8D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2422569B-02ED-4028-83D8-D778657596B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E66E4653-1A55-4827-888B-E0776E32ED28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6C8994CB-7F94-43FB-8B84-06AEBB34EAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11:rc5:*:*:*:*:*:*",
"matchCriteriaId": "95DD4647-564E-4067-A945-F52232C0A33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD39A7A-9172-4B85-B8FE-CEB94207A897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "35F5C369-6BFB-445F-AA8B-6F6FA7C33EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81DE32C2-5B07-4812-9F88-000F5FB000C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02EED3D5-8F89-4B7F-A34B-52274B1A754F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5F87AA89-F377-4BEB-B69F-809F5DA6176C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C27AF62E-A026-43E9-89E6-CD807CE9DF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "79C2AE0E-DAE8-4443-B33F-6ABA9019AA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D343B121-C007-49F8-9DE8-AA05CE58FF0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7936B7EE-9CD1-4698-AD67-C619D0171A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A2AA2D-5183-4C49-A59D-AEB7D9B5A69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3A0370A2-0A23-4E34-A2AC-8D87D051B0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5738D628-0B2D-4F56-9427-2009BFCB6C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F43EBCB4-FCF4-479A-A44D-D913F7F09C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "169446DE-67F8-4738-91FE-ED8058118F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4F76C298-81DC-43E4-8FC9-DC005A2116EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0AB349B2-3F78-4197-882B-90ADB3BF645A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6AC88830-A9BC-4607-B572-A4B502FC9FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*",
"matchCriteriaId": "476CB3A5-D022-4F13-AAEF-CB6A5785516A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8CFD5CDD-1709-44C7-82BD-BAFDC46990D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7BF3B2-CCD1-4D39-AE9C-AB24ABA57447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "860F9225-8A3F-492C-B72B-5EFFB322802C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19DFB4EF-EA1F-4680-9D97-2FDFAA4B4A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "57E23724-2CA4-4211-BB83-38661BE7E6AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B0688B3F-F8F2-4C62-B7A3-08F9FDCE7A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3896C4A6-C2F6-47CE-818A-7EB3DBF15BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6143DC1F-D62E-4DB2-AF43-30A07413D68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "93F0834D-C5EA-4C96-8D6C-3123ECF78F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F1784CBC-BEAF-48E5-95A4-2A4BD5F9F1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "31523E67-5E4F-43F7-9410-20CB3F287DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5D9F976B-1328-40FE-A1F2-C1DF3F836604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "9B627DE3-2702-4EB2-9733-253D315FB594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "10E1B011-8D20-448E-9DD5-023DD30D1FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13:rc7:*:*:*:*:*:*",
"matchCriteriaId": "2A29A4BC-0442-458E-A874-BF0D0F2870FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "298266AB-2A36-4606-BF80-2185FC56C4D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C2658CA-56C2-494F-AC42-618EC413CBDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD34526D-F2CC-44C5-991D-B1E41C327860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F0B900-34E9-4545-B7AE-AF0A4363EACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B36F432D-FED1-4B8D-A458-BEDEEF306AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5220F0FE-C4CC-4E75-A16A-4ADCABA7E8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "04F25DE0-CA8E-4F57-87A5-C30D89CC9E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F87F764B-4097-44FA-B96E-A5DA75E31F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D7025803-C679-44DB-ADEE-864E6CAAD9B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc4:*:*:*:*:*:*",
"matchCriteriaId": "24B879D6-4631-49A8-9366-75577DFB755D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14:rc5:*:*:*:*:*:*",
"matchCriteriaId": "C5B76C21-70C8-4911-A24B-270F876EF7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25379B32-D898-4E44-A740-978A129B5E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B90F8F2-9549-413D-9676-3EF634D832B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "915E64EF-6EEC-4DE2-A285-5F3FCE389645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "585BEE46-088A-494E-8E18-03F33F6BBEA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF35478-B292-4A00-B985-CEEDE8B212C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6E85846A-61BE-4896-B4A6-42A7E1DBA515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E3B925-031D-4F6D-915A-A16F0FFA878C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7344B707-6145-48BA-8BC9-9B140A260BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc1:*:*:*:*:*:*",
"matchCriteriaId": "390B1E09-7014-4A74-834C-806BBEBAF6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FEF02479-2124-4655-A38D-A4793D3B8A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0FB5CF04-B5B6-4DFB-B051-61EDA257019F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc4:*:*:*:*:*:*",
"matchCriteriaId": "A89DC9CD-C06F-4B9B-B376-900E65016296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc5:*:*:*:*:*:*",
"matchCriteriaId": "15BED7A7-3E96-43EF-8B6F-3C94897C3AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8C6FCAC4-B6C6-4125-B3AC-F30407AA7738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15:rc7:*:*:*:*:*:*",
"matchCriteriaId": "707ECC75-65B6-4B02-BE85-A4804549A2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFCEA98-C708-4E1E-B189-E6F96D28F07A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B753112-CCDE-4870-AA97-4AAA2946421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79B3AFE7-F4FF-4144-9046-E5926E305A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7616E197-ACCA-4191-A513-FD48417C7F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1AA7FC-F5B9-406C-ABE4-0BE5E9889619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE2F94D-E8E0-4BB7-A910-378012580025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "66F5AE3B-B701-4579-B44A-0F7A4267852E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DE04AF35-7A3B-45B0-A00F-2EF31910A2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D0ADF183-E519-4A99-910D-1F34E61B9EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4090E02D-1928-4003-91A4-7A422CCDAFFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.15.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBB1A21-3826-4BC5-A243-AF8F8D1D4728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "34E60197-56C3-485C-9609-B1C4A0E0FCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1369C4A-EF3B-4805-9046-ADA38ED940C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CC3639E1-B5E4-4DD6-80D4-BA07D192C42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*",
"matchCriteriaId": "54393D69-B368-4296-9798-D81570495C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*",
"matchCriteriaId": "6791A801-9E06-47DD-912F-D8594E2F6B3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*",
"matchCriteriaId": "AE90CCED-3A5B-46E3-A6B0-4865AB786289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*",
"matchCriteriaId": "CBFF6DE7-6D7C-469A-9B2D-2F6E915F55B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86E452E4-45A9-4469-BF69-F40B6598F0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5751AC4-A60F-42C6-88E5-FC8CFEE6F696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF886A6-7E73-47AD-B6A5-A9EC5BEDCD0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "48777A01-8F36-4752-8F7A-1D1686C69A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42DA6A18-5AA1-4920-94C6-8D0BB73C5352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "992EA5DE-5A5B-4782-8B5A-BDD8D6FB1E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E51F0211-2D3E-4260-AD63-E83AE4EC4AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C4E1245-C6BB-462C-9E27-C608595DAE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "747F1324-AEFA-496F-9447-12CD13114F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "795C3B17-687E-4F33-AA99-8FEC16F14693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BDD5C7-9B6A-41B5-8679-5062B8A6E11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "190D5E2C-AD60-41F4-B29D-FB8EA8CB5FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6B81A4DD-2ADE-4455-B517-5E4E0532D5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD589CC-666B-4FAA-BCF0-91C484BDDB09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD622EE-A840-42E1-B6BF-4AA27D039B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*",
"matchCriteriaId": "900D6742-DE0F-45C5-A812-BF84088CB02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*",
"matchCriteriaId": "225CA94C-8C84-4FA6-95D0-160A0016FBFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*",
"matchCriteriaId": "D88ED3C4-64C5-44B2-9F23-E16087046C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB31E5-190C-489A-AB30-910D2CC854F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4A781A-4A41-466F-8426-10B40CF8BA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED29B3F-456B-4767-8E59-8C19A3B7E1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F6316369-B54A-4E59-A022-E0610353B284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*",
"matchCriteriaId": "073C3CE0-E12D-4545-8460-5A1514271D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*",
"matchCriteriaId": "670FAA25-A86F-4E04-A3A0-0B3FF6CF9C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB33DEA-13C7-4B36-AB8A-ED680679A071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*",
"matchCriteriaId": "86DD0FCC-BB12-410D-8C82-AB99C7C5311E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*",
"matchCriteriaId": "83700989-8820-48DA-A9FE-6A77DF1E8439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9F4CEC-7781-468B-B460-4F487B7C6601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*",
"matchCriteriaId": "67C75A62-8807-4821-9362-1E0D63C0A1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*",
"matchCriteriaId": "894D4812-D62F-489E-8D0E-5E9468CE8EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F92E01-4F08-4364-9E87-FFBC095E32E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.32:*:*:*:*:*:*:*",
"matchCriteriaId": "F9960640-F02D-4E81-A34B-1893D8FD7F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D00DAD-4F2D-45C7-B87C-85118D9DD855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.34:*:*:*:*:*:*:*",
"matchCriteriaId": "0C398D26-7132-4A6E-9003-77246644451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.35:*:*:*:*:*:*:*",
"matchCriteriaId": "5EED2DA2-2516-42E9-8A33-0FA64BF51DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.36:*:*:*:*:*:*:*",
"matchCriteriaId": "FF425F00-41BA-4F59-A0DE-6362A1E9A142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.37:*:*:*:*:*:*:*",
"matchCriteriaId": "33577E79-1B6E-406D-A49B-2CEF1754F5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.38:*:*:*:*:*:*:*",
"matchCriteriaId": "8B21D90E-5172-485E-87AC-F1681604AD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.39:*:*:*:*:*:*:*",
"matchCriteriaId": "C41F6822-92BF-43F5-8B3E-8BAF9E9A320D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.40:*:*:*:*:*:*:*",
"matchCriteriaId": "641EECFD-A985-4026-A53A-10FBE47EAD91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.41:*:*:*:*:*:*:*",
"matchCriteriaId": "47595F81-2083-4236-A0B0-E2B98DD78402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5FC758-5A5D-466A-8386-5FC469F79F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.43:*:*:*:*:*:*:*",
"matchCriteriaId": "0CCA5C83-5293-4107-8E6A-85F82ECF2C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.44:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D0AADC-BC34-40FB-BD69-37981DC8E971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.45:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA7EAC4-7696-41CE-8EE9-3E39DE226BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.46:*:*:*:*:*:*:*",
"matchCriteriaId": "12547B6B-78F1-4426-81CE-5F208794658C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.47:*:*:*:*:*:*:*",
"matchCriteriaId": "38429E64-276B-46D4-AACD-05349D6F6615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.48:*:*:*:*:*:*:*",
"matchCriteriaId": "E89640F8-313B-4A36-A591-36645D1EF838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.49:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0271F0-41F2-4096-8C91-DAD1A81AF855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.50:*:*:*:*:*:*:*",
"matchCriteriaId": "7A40DCBB-B41B-468E-A918-6EA3F9A125E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.51:*:*:*:*:*:*:*",
"matchCriteriaId": "921B6A54-85E3-4867-8EDF-93EB86BAFBD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A2C6F1-ED7E-4E51-BE72-BD744D554EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.53:*:*:*:*:*:*:*",
"matchCriteriaId": "2B004CF1-0ACC-441C-9F61-9B20504F4ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.54:*:*:*:*:*:*:*",
"matchCriteriaId": "04B42F06-AC6D-40F3-BC03-5126BED48F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.55:*:*:*:*:*:*:*",
"matchCriteriaId": "0A8002C7-19E2-4F20-890E-4BA2029174D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.56:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC90C2-AED0-4EAF-B5E8-DE75961DA26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.57:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DA9C54-742C-4057-8BAB-18755B4A42D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.58:*:*:*:*:*:*:*",
"matchCriteriaId": "84BBE8BE-EAE8-4F7A-85BD-94BBF64F30EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.59:*:*:*:*:*:*:*",
"matchCriteriaId": "53037B40-D534-41D1-9895-8EDB0D884C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.60:*:*:*:*:*:*:*",
"matchCriteriaId": "5549096F-C640-463E-AD07-FD8D254CC098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.61:*:*:*:*:*:*:*",
"matchCriteriaId": "F8DCAF19-879C-42BB-B56A-84504E79758A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.16.62:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8ED186-B0FE-4AAC-9B20-DFAD75D7F677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9E86E13B-EC92-47F3-94A9-DB515313011D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "980A6C7D-6175-4A44-8377-74AA7A9FD108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C226902-04D9-4F32-866C-20225841ECF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C6EDD210-6E7B-4BD8-96C2-2C22FEE7DE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*",
"matchCriteriaId": "655DB612-AF49-4C17-AFB9-2E33EE8E0572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*",
"matchCriteriaId": "7EE30F34-EE81-4E1E-BF9F-A7A36B78B897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*",
"matchCriteriaId": "E1F65DF2-2794-47B7-9676-CCF150683CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB3068F-2F64-4BBC-BA3C-FB56A2FBED50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6555D45B-D3B3-4455-AB1E-E513F9FB6139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA5E262-7825-496F-AA72-0AD6DE6F3C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "56C6C01B-4CED-4F37-A415-0603496C27DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E62F6FA-6C96-4AEE-8547-8C2FE1FAD998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE3ACE7A-A600-4ABB-B988-5D59D626DC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2F839622-3DE1-4A16-8BD2-5FA2CBF014D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC47887B-5608-47BE-85EE-563864461915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AF39E62B-EAB4-44B0-A421-2A71B7DD8341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "809264F1-763D-4A8F-B206-222332DD8732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A66ED53E-3139-4972-B027-D614BFFB8628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.12:*:*:*:*:*:*:*",
"matchCriteriaId": "85A3AB7A-1959-4A57-B83D-B2753C43649E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB7FA3-727D-4BB9-937C-F4F5DA97FFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.17.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4A60B265-5508-4EE0-980A-44BB0966FD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1817C772-D367-4ABE-B835-466D31A6DC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C667B8E4-64EB-4A05-84FF-B2243DEF757D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9484B41A-DFB6-4481-80D8-440C711CEA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*",
"matchCriteriaId": "53D373AF-DE6B-428E-9F0F-F1D220900A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*",
"matchCriteriaId": "F2975DF7-F916-456C-BF7C-2694559E5282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*",
"matchCriteriaId": "6D156EFF-D2E5-4F42-B6E7-954DE6CD90B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*",
"matchCriteriaId": "784EB96E-2FD3-4F77-8DB6-4D6C7A928946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D08CBC56-C820-4513-ABEC-1ABB3EFC3A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "338BB401-8831-4094-9186-2B3CFA5903D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1E32E6BA-AFEF-44A8-B230-87DD043BB222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F69E575B-BD1A-4E50-8D6F-131D5E08058E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20F6269B-5F6B-4413-B14D-7AE5442E4CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*",
"matchCriteriaId": "189D1246-F975-4411-A58B-343ED90485FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1B914F7F-C6BD-4527-B1E9-7FD1E337A18C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "82EC9FCA-D17D-4CB9-B925-E8F8B68F8FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "179147E4-5247-451D-9409-545D661BC158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4ED4E9DD-DDAD-46A8-9AD2-9CAE406F7575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8D97ED16-D6B7-4445-889C-4D6DE2EDC49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B2C2D5D4-9A4B-4CDF-8D71-D22EB5E97D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DFFB2843-A867-48EC-97D7-B106C7BBAED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6554469E-F6AE-4EB0-880E-CBFD196FEE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F99CFC1-DCCE-47B9-98EF-84AEDAECE02E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C20367B0-F722-4442-8B59-ABB0FEDB8CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "86A98A70-51E3-4556-8DC4-DD09CF370D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "469EE3B0-3CC2-4AC2-86A0-2DF34205E707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFECB2B-6482-45F2-B3BB-EDDEDA0948A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC547EB-9308-4477-8256-A0E04B42D6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C6940324-0383-4510-BA55-770E0A6B80B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB1E1A8B-6FA1-45AD-B034-EC34884527DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3313D5-52E8-49B3-B145-170D9A26DA43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D3A5FD5-4C42-4B00-8473-D5650FAED9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "480F035A-A59D-4113-A246-DF108BB2F591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30D39E29-B2A0-4075-84AF-994C27AB0A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19879317-B067-45DA-B497-21EBDDDC2521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D220C745-28AD-4D04-B2D2-A090D229206E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC5B3A6-6CD5-448D-B910-3BAD15FDC3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AF8895-7BF8-458E-B2BB-68699AABC023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CA768A9D-6C63-405E-9D14-5D68F8E93A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FF495E58-DA6C-402D-B381-4929CB8A502B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA794BE8-1A22-4BF8-AB79-53E7BCE60D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A591301C-C30F-44AC-90F0-709A18AA96E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D2606B-00A6-4FA3-A00D-B1E8A80B947C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.14:*:*:*:*:*:*:*",
"matchCriteriaId": "610A93BB-70E3-4BF1-83E8-8A7388477F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.15:*:*:*:*:*:*:*",
"matchCriteriaId": "821BD11F-3C6A-4424-BC9B-DFD786248B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F55A024-9F8E-44F8-A0D8-696BC232524A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*",
"matchCriteriaId": "84595143-3B04-4CE8-81C0-28EEEC58CD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*",
"matchCriteriaId": "32EE2B49-DDEB-4B49-A5F0-CAA161095A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ABFA33-8FA1-488E-A9BD-1593F495F595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*",
"matchCriteriaId": "62F6DE3A-E6CC-4D7E-BD08-E43DC4182200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A29C44-EBE5-42B0-AFAD-C5A8F6EEF2F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:*:*:*:*:*:*:*",
"matchCriteriaId": "50B422D1-6C6E-4359-A169-3EED78A1CF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git1:*:*:*:*:*:*",
"matchCriteriaId": "C8CBD2D9-3765-40B2-A056-D71BE750CC01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git2:*:*:*:*:*:*",
"matchCriteriaId": "A8F4D967-ED04-42EA-8B3E-36301D39D651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git3:*:*:*:*:*:*",
"matchCriteriaId": "C498EE89-7F07-4B1E-90E6-5897E6B04670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git4:*:*:*:*:*:*",
"matchCriteriaId": "708656AF-92AE-4EAF-AF19-F457DB04ADB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git5:*:*:*:*:*:*",
"matchCriteriaId": "3B263AB8-74A4-4C73-915C-A02724C24B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git6:*:*:*:*:*:*",
"matchCriteriaId": "A96D739B-9E8B-4D2F-9DED-4C9B313473CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:git7:*:*:*:*:*:*",
"matchCriteriaId": "4ACDEFEE-B946-4232-8BD5-A9F7AA84ED85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc3:*:*:*:*:*:*",
"matchCriteriaId": "247E13CB-9B11-4B64-80AD-C0F8482CCC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc4:*:*:*:*:*:*",
"matchCriteriaId": "903FE5D3-A9FB-466D-833B-448233BB0803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc5:*:*:*:*:*:*",
"matchCriteriaId": "958EDC43-0848-4D93-9D07-6A085A5940B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AD35F21D-0A28-4C14-BCF5-8EDA760701C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21:rc7:*:*:*:*:*:*",
"matchCriteriaId": "3AAD8BE9-A05B-40E8-80DF-0B2878968BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AD2E9DC-2876-4515-BCE6-DDD0CC6A5708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F19064-CFBF-4B3C-A0A1-CE62265CD592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3F0CEC-B8FA-47E3-BA3E-182F43D3DA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AB759752-DC19-4750-838B-056063EFDC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*",
"matchCriteriaId": "96A43C95-8569-40BE-9E5B-F9B3D0B9D188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD70B2B-9827-4DBB-B82D-0B70C2D4AB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.21.7:*:*:*:*:*:*:*",
"matchCriteriaId": "99662904-E5E3-4E81-B199-39707EAEB652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:*:*:*:*:*:*:*",
"matchCriteriaId": "615BDD1D-36AA-4976-909B-F0F66BF1090C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22:rc6:*:*:*:*:*:*",
"matchCriteriaId": "D123AAFE-3F17-45C4-9382-BA392FD022C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A26D6-1BDA-45F0-8F7C-F95986050E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61A3EDF2-09D7-4116-AE46-D86E4B9602AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F320FA9F-C13D-4AA3-B838-A0E5D63E6A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B179CF1D-084D-4B21-956F-E55AC6BDE026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1B4877-286A-44B5-9C5C-0403F75B2BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.6:*:*:*:*:*:*:*",
"matchCriteriaId": "432CA976-6EFA-4D34-B5EA-CD772D067F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6E476195-657E-416E-BC16-44A18B06A133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.8:*:*:*:*:*:*:*",
"matchCriteriaId": "12A55028-B8F9-4AD2-AE57-A80D561F3C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4E641C-67D4-4599-8EFB-0B2F8D81D68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.10:*:*:*:*:*:*:*",
"matchCriteriaId": "70460F6C-D6C0-4C1A-B13E-368705EAF223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3F26BA18-08AD-45FE-9F83-25CCB2E27270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBFF148-3EDA-4216-910B-8930D8C443C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.13:*:*:*:*:*:*:*",
"matchCriteriaId": "648C63F7-EA1D-4F2E-B8AF-1F380C83E542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1697B855-4834-4633-A5C8-C1F7F13ACE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBAE75F-9145-4B9A-A6D8-E488C5326145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF566DA-0F04-48DA-AA40-565979C55328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5990C6C2-2F66-4C4D-8224-74163865F410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3A45A9B9-4B19-4A5B-BC95-BCBC4EF00F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C23AD176-3B99-4593-BCBD-13C1E579A13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.22.20:*:*:*:*:*:*:*",
"matchCriteriaId": "034DFD7F-8919-4245-8480-7B272F591271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6A3A30-FEA4-40B6-98A9-1840BB4E8CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0E249774-CE05-43D5-A5A3-7CCE24BB2AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8D42BA44-C69B-4170-9867-CABF93CA9BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5140380C-71BD-464F-AE53-1814C2653056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B18EC0A7-8616-4039-B98B-E1216E035B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22FB141B-FA2A-435D-8937-83FC0669CB20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C59131C8-F66A-4380-9F6E-3FC14C7C8562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5421616-4BF5-4269-8996-C3D2BA6AE2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23FC6CE2-8717-4558-A309-A441D322F00E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CE87D1BC-A72D-42D2-A93C-67A5823BEB14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAC2E9D-0E82-4866-9046-ADD448418198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "760FB32D-9795-4B29-B79A-A32B5E70F7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFF67E9-B0C2-48D5-BB3A-CF21D10010FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5881A78C-D162-4DE5-8353-2BB1EC1F428B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B13D81D2-1A89-4E61-A90C-5E8BB880310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.14:*:*:*:*:*:*:*",
"matchCriteriaId": "67F2047A-5F17-4B59-9075-41A5DC5C1CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.15:*:*:*:*:*:*:*",
"matchCriteriaId": "80F9887E-2466-4C73-A8E1-2117492F9EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDE5B27-2EF0-464E-8F14-5E809D84D389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.23.17:*:*:*:*:*:*:*",
"matchCriteriaId": "815B2EE8-136F-44E4-997D-5F93A54775DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:*:*:*:*:*:*:*",
"matchCriteriaId": "13673DF5-09B1-40C8-AC54-A447DE8AB01E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc1:*:*:*:*:*:*",
"matchCriteriaId": "085259B8-9D41-42B0-B32B-66B8D365F106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9A12DE15-E192-4B90-ADB7-A886B3746DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FF6588E7-F4FA-40F5-8945-FC7B6094376E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc4:*:*:*:*:*:*",
"matchCriteriaId": "AE87E13E-ACF7-4F74-8938-729F3B0D694C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24:rc5:*:*:*:*:*:*",
"matchCriteriaId": "D4965A12-1BBA-4494-A5C1-43E0C0F48C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "52152F5A-1833-4490-A373-9C547B90B0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B64A095E-5E97-445E-B435-F09983CC0E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8035F93-9DEE-4B92-ABAA-4ABE0B71BF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6EE92406-DBF3-463E-8A51-F9679E851FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C60D19B-ED9B-443C-9D49-002ABD381119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.24.6:*:*:*:*:*:*:*",
"matchCriteriaId": "264C61EE-64F6-43AD-B54F-7D683C29E64F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B31894-78E7-41A6-857C-D7A0C1C52838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF5385-64AA-48AD-A5FE-25918E4F07D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFD8D25-7FDF-48DF-8728-5875C44FFB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an \"rt_cache leak.\""
},
{
"lang": "es",
"value": "La funci\u00f3n icmp_send en net/ipv4/icmp.c en el kernel Linux anerior a v2.6.25, cuando se configura como un router con una ruta RECHAZADA, no gestiona apropiadamente el Protocolo Independiente de Cach\u00e9 de Destino (alias DST) en alguna situaci\u00f3n que involucra transmisi\u00f3n de un mensaje ICMP Host inalcanzable, el cual permite a los atacantes remotos causar una denegaci\u00f3n de servicio (conectividad parada) enviando una larga serie de paquetes a muchos direcciones IP de destino con esta ruta RECHAZADA, RELATIVA a \"rt_cache leak.\""
}
],
"id": "CVE-2009-0778",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-12T15:20:49.780",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33758"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34084"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c0ecc4c4f8fd90988aab8a95297b9c0038b6160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2009/03/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1021958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7867"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.\n\nIt was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0326.html .",
"lastModified": "2009-05-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-11 18:30
Modified
2025-04-09 00:30
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html | Release Notes | |
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html | Mailing List | |
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html | Mailing List | |
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html | Mailing List | |
| secalert@redhat.com | http://secunia.com/advisories/35036 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/36207 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/36338 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/36417 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/36631 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/37346 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/37471 | Broken Link | |
| secalert@redhat.com | http://support.apple.com/kb/HT3937 | Third Party Advisory | |
| secalert@redhat.com | http://support.apple.com/kb/HT3949 | Third Party Advisory | |
| secalert@redhat.com | http://support.apple.com/kb/HT4225 | Third Party Advisory | |
| secalert@redhat.com | http://www.cert.fi/en/reports/2009/vulnerability2009085.html | Broken Link | |
| secalert@redhat.com | http://www.codenomicon.com/labs/xml/ | Broken Link | |
| secalert@redhat.com | http://www.debian.org/security/2009/dsa-1859 | Mailing List, Patch | |
| secalert@redhat.com | http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html | Patch | |
| secalert@redhat.com | http://www.networkworld.com/columnists/2009/080509-xml-flaw.html | Broken Link | |
| secalert@redhat.com | http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html | Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/36010 | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.ubuntu.com/usn/USN-815-1 | Third Party Advisory | |
| secalert@redhat.com | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/2420 | Broken Link | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3184 | Broken Link | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3217 | Broken Link | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=515205 | Issue Tracking, Patch | |
| secalert@redhat.com | https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59 | Patch | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783 | Broken Link | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262 | Broken Link | |
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html | Mailing List | |
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html | Mailing List | |
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35036 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36207 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36338 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36417 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36631 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37346 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37471 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3937 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3949 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4225 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.fi/en/reports/2009/vulnerability2009085.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.codenomicon.com/labs/xml/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1859 | Mailing List, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.networkworld.com/columnists/2009/080509-xml-flaw.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36010 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-815-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/2420 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3184 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3217 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=515205 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxml | 1.8.17 | |
| xmlsoft | libxml2 | 2.5.10 | |
| xmlsoft | libxml2 | 2.6.16 | |
| xmlsoft | libxml2 | 2.6.26 | |
| xmlsoft | libxml2 | 2.6.27 | |
| xmlsoft | libxml2 | 2.6.32 | |
| fedoraproject | fedora | 10 | |
| fedoraproject | fedora | 11 | |
| debian | debian_linux | 4.0 | |
| redhat | enterprise_linux | 3.0 | |
| redhat | enterprise_linux | 4.0 | |
| redhat | enterprise_linux | 5.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| chrome | * | ||
| apple | safari | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x_server | * | |
| apple | mac_os_x_server | * | |
| apple | mac_os_x_server | * | |
| opensuse | opensuse | * | |
| suse | linux_enterprise | 10.0 | |
| suse | linux_enterprise | 11.0 | |
| suse | linux_enterprise_server | 9 | |
| vmware | vcenter_server | 4.0 | |
| vmware | vma | 4.0 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | esxi | 3.5 | |
| vmware | esxi | 4.0 | |
| sun | openoffice.org | * | |
| sun | openoffice.org | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C0B552-67E9-48E5-ABFB-AF0CD6DA46FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D463EC3C-88F1-46D9-ADB6-6283DC23B0B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8135B1-FB22-4755-A5ED-CDB16E3E85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4685BF-394A-4426-980A-2B1D37737C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*",
"matchCriteriaId": "7069A49C-038C-4E7B-AF03-4D90D5734414",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6172AF57-B26D-45F8-BE3A-F75ABDF28F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5725BE44-B621-422F-B9E2-D400ACFC43EC",
"versionEndExcluding": "2.0.172.43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77BC4840-8A34-40F9-873B-DF0F4CADCBDD",
"versionEndExcluding": "4.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38364EB5-F557-4763-A555-9D66F51DE24B",
"versionEndExcluding": "4.0",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E0F574-6859-45A6-B160-7DDE92C07CC7",
"versionEndExcluding": "10.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A880FA4-5DBF-4894-8DAC-C3CD147D1EB7",
"versionEndExcluding": "10.5.8",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B30A1267-231F-44CA-9484-8849C1808DEC",
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D0444E-6B76-46EE-95EF-617F8967F6B6",
"versionEndExcluding": "10.4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F74FAC0-CC05-4797-9DE2-F7CE5CB8FC19",
"versionEndExcluding": "10.5.8",
"versionStartIncluding": "10.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F769B77-FF42-442C-8D1A-4E2AE1F5DF39",
"versionEndExcluding": "10.6.2",
"versionStartIncluding": "10.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF141FBE-4CA5-4695-94A0-8BE1309D28CC",
"versionEndIncluding": "11.1",
"versionStartIncluding": "10.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AED08A6F-CD23-4405-B1CF-C96BB8AE7D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1608E282-2E96-4447-848D-DBE915DB0EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D467EE9D-6A1F-4462-9BDA-C68B7EE375E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:openoffice.org:*:*:*:*:*:*:*:*",
"matchCriteriaId": "100F1988-1FF0-483A-9A56-F02A398343D4",
"versionEndExcluding": "2.4.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:openoffice.org:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12DF9C72-2B26-432D-9A16-1D21D2E54557",
"versionEndExcluding": "3.1.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de uso anterior a la liberaci\u00f3n en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una ,manipulaci\u00f3n de (1) una notaci\u00f3n o (2) tipos de atributo de enumeraci\u00f3n en un fichero XML como se demostr\u00f3 en Codenomicon XML fuzzing framework."
}
],
"id": "CVE-2009-2416",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2009-08-11T18:30:00.983",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35036"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36207"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36338"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36417"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36631"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37346"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-18 21:00
Modified
2025-04-09 00:30
Severity ?
Summary
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://article.gmane.org/gmane.linux.kernel/871942 | Broken Link | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2009-1243.html | Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/35983 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/36501 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/36562 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/36759 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/37105 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/37351 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/37471 | Broken Link | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/08/04/2 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/08/05/10 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-1438.html | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/512019/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/USN-852-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/52899 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412 | Third Party Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598 | Third Party Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766 | Third Party Advisory | |
| cve@mitre.org | https://rhn.redhat.com/errata/RHSA-2009-1550.html | Third Party Advisory | |
| cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://article.gmane.org/gmane.linux.kernel/871942 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2009-1243.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35983 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36501 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36562 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36759 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37105 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37351 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37471 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/08/04/2 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/08/05/10 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1438.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/512019/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-852-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/52899 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1550.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 2.6.30 | |
| linux | linux_kernel | 2.6.30 | |
| linux | linux_kernel | 2.6.30 | |
| linux | linux_kernel | 2.6.30 | |
| linux | linux_kernel | 2.6.30 | |
| linux | linux_kernel | 2.6.30 | |
| linux | linux_kernel | 2.6.30 | |
| novell | linux_desktop | 9 | |
| opensuse | opensuse | 11.0 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_server | 9 | |
| suse | linux_enterprise_server | 10 | |
| fedoraproject | fedora | 11 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| redhat | enterprise_linux_desktop | 3.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_server | 3.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_workstation | 3.0 | |
| redhat | enterprise_linux_workstation | 5.0 | |
| vmware | esx | 4.0 | |
| vmware | vma | 4.0 | |
| redhat | enterprise_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C33180-0CB1-4A35-8AD9-24F2832A3ECF",
"versionEndIncluding": "2.6.29.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:-:*:*:*:*:*:*",
"matchCriteriaId": "77B40D2B-9AAA-49A4-9C74-7A94A82DBCCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*",
"matchCriteriaId": "45273823-29EA-44DE-8444-3933402C5793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*",
"matchCriteriaId": "88F60E74-09DB-4D4A-B922-4A46EED0EC20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E242D3DE-D1DC-406A-BCC3-C4380B7EC369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:*:*:*:*:*:*",
"matchCriteriaId": "5EE58B00-70BB-493D-ACDE-77F486984392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*",
"matchCriteriaId": "8598D6E5-0C5C-4A31-841A-C12801DB7D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*",
"matchCriteriaId": "59800B0A-477B-42F8-A58A-5144F455AE01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*",
"matchCriteriaId": "5595E484-647C-4F85-94AB-5A4D55CD766B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397313C3-6BF5-4A87-90B3-55678E807171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FE6DAA-4702-409A-98B6-DE13B12805A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current-\u003eclear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit."
},
{
"lang": "es",
"value": "Una funci\u00f3n execve en el kernel de Linux, posiblemente versi\u00f3n 2.6.30-rc6 y anteriores, no borra apropiadamente el puntero de current-)clear_child_tid, lo que permite a los usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente alcanzar privilegios por medio de un sistema de clonaci\u00f3n que llama con CLONE_CHILD_SETTID o CLONE_CHILD_CLEARTID habilitadas, que no son manejados apropiadamente durante la creaci\u00f3n y salida de hilos (subprocesos)."
}
],
"id": "CVE-2009-2848",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-18T21:00:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://article.gmane.org/gmane.linux.kernel/871942"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35983"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36501"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36562"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36759"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37105"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37351"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/05/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://article.gmane.org/gmane.linux.kernel/871942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/36759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/05/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-852-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-01 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/82276 | ||
| cve@mitre.org | http://secunia.com/advisories/49300 | ||
| cve@mitre.org | http://secunia.com/advisories/49322 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/53697 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1027099 | ||
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2012-0010.html | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/75891 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/82276 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49300 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49322 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53697 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2012-0010.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75891 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vma:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1050A1-D990-4769-BBD2-6125867129D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:vma:5.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "238DA4A0-629D-4848-A0F1-4A324EBCAE1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en VMware vMA v4.x y v5.x antes de v5.0.0.2, permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya DLL en el directorio de trabajo actual."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/lists/426.html \u0027Untrusted Search Path\u0027",
"id": "CVE-2012-2752",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-01T20:55:06.950",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/82276"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/49300"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/49322"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53697"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027099"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0010.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/82276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75891"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-11-04 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c | Broken Link | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html | Broken Link, Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lists.vmware.com/pipermail/security-announce/2010/000082.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://lkml.org/lkml/2009/10/14/184 | Exploit, Mailing List | |
| secalert@redhat.com | http://lkml.org/lkml/2009/10/21/42 | Mailing List, Patch | |
| secalert@redhat.com | http://marc.info/?l=oss-security&m=125724568017045&w=2 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/37351 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/38017 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/38794 | Broken Link | |
| secalert@redhat.com | http://secunia.com/advisories/38834 | Broken Link | |
| secalert@redhat.com | http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6 | Broken Link | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 | Broken Link | |
| secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-1672.html | Broken Link | |
| secalert@redhat.com | http://www.securityfocus.com/archive/1/512019/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securityfocus.com/bid/36901 | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.ubuntu.com/usn/usn-864-1 | Third Party Advisory | |
| secalert@redhat.com | http://www.vupen.com/english/advisories/2010/0528 | Broken Link | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=530490 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513 | Broken Link, Third Party Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608 | Broken Link, Third Party Advisory | |
| secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327 | Broken Link, Third Party Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1540.html | Third Party Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1541.html | Third Party Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1548.html | Third Party Advisory | |
| secalert@redhat.com | https://rhn.redhat.com/errata/RHSA-2009-1550.html | Third Party Advisory | |
| secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html | Broken Link, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.vmware.com/pipermail/security-announce/2010/000082.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lkml.org/lkml/2009/10/14/184 | Exploit, Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lkml.org/lkml/2009/10/21/42 | Mailing List, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=oss-security&m=125724568017045&w=2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37351 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38017 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38794 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38834 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1672.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/512019/100/0/threaded | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36901 | Broken Link, Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-864-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0528 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=530490 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327 | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1540.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1541.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1548.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rhn.redhat.com/errata/RHSA-2009-1550.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| novell | linux_desktop | 9 | |
| opensuse | opensuse | 11.0 | |
| opensuse | opensuse | 11.2 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| canonical | ubuntu_linux | 9.10 | |
| fedoraproject | fedora | 10 | |
| vmware | vma | 4.0 | |
| vmware | esx | 4.0 | |
| redhat | mrg_realtime | 1.0 | |
| redhat | enterprise_linux_desktop | 3.0 | |
| redhat | enterprise_linux_desktop | 4.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_eus | 4.8 | |
| redhat | enterprise_linux_eus | 5.4 | |
| redhat | enterprise_linux_server | 3.0 | |
| redhat | enterprise_linux_server | 4.0 | |
| redhat | enterprise_linux_server | 5.0 | |
| redhat | enterprise_linux_workstation | 3.0 | |
| redhat | enterprise_linux_workstation | 4.0 | |
| redhat | enterprise_linux_workstation | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC4349F-7F67-435F-8909-94648A0E8F90",
"versionEndIncluding": "2.6.31.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*",
"matchCriteriaId": "37B2E2B1-3E39-4DBA-817D-08F34D9F6E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85D4E0A-14DA-4884-AF6F-A0F54304430F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1C8471AA-44D7-4D19-82B6-C4B999C65F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*",
"matchCriteriaId": "218DE1D1-3843-4076-9AE4-70AA0FD99B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2677114B-AF05-42EB-BBC8-FA85CD631C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc5:*:*:*:*:*:*",
"matchCriteriaId": "FA8D64E1-A700-4D9E-9063-EC3CFC1A6D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*",
"matchCriteriaId": "5595E484-647C-4F85-94AB-5A4D55CD766B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "14DF1463-F23F-465F-8A35-D550A7438CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "02E6A767-B9A5-4054-BE70-286E0A464248",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:mrg_realtime:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04A20072-7DB7-4079-9456-E2CE98F888E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2976D5-83A5-4A52-A1E6-D0E17F23FD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4DD6917D-FE03-487F-9F2C-A79B5FCFBC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "397313C3-6BF5-4A87-90B3-55678E807171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FE6DAA-4702-409A-98B6-DE13B12805A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname."
},
{
"lang": "es",
"value": "M\u00faltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegaci\u00f3n de servicio )desreferencia a puntero NULL y ca\u00edda del sistema) o conseguir privilegios mediante la apertura de un canal an\u00f3nimo en la ruta /proc/*/fd/."
}
],
"id": "CVE-2009-3547",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2009-11-04T15:30:00.640",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://lkml.org/lkml/2009/10/14/184"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://lkml.org/lkml/2009/10/21/42"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37351"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38017"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38794"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38834"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36901"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://lkml.org/lkml/2009/10/14/184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://lkml.org/lkml/2009/10/21/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=oss-security\u0026m=125724568017045\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1672.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/36901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1541.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-476"
},
{
"lang": "en",
"value": "CWE-672"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-25 01:30
Modified
2025-04-09 00:30
Severity ?
Summary
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/34422 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/34432 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/34786 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35121 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35185 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35343 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35390 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35394 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/35656 | Broken Link | |
| cve@mitre.org | http://secunia.com/advisories/37471 | Broken Link | |
| cve@mitre.org | http://thread.gmane.org/gmane.linux.kernel/805280 | Broken Link | |
| cve@mitre.org | http://www.debian.org/security/2009/dsa-1800 | Third Party Advisory | |
| cve@mitre.org | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 | Broken Link | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/03/23/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-1081.html | Broken Link | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/34205 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/usn-793-1 | Third Party Advisory | |
| cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/0802 | Broken Link | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/49356 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314 | Third Party Advisory | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34422 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34432 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34786 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35121 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35185 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35343 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35390 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35394 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35656 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37471 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://thread.gmane.org/gmane.linux.kernel/805280 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1800 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/03/23/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1081.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/507985/100/0/threaded | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34205 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-793-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2009-0016.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0802 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3316 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49356 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| opensuse | opensuse | 10.3 | |
| opensuse | opensuse | 11.0 | |
| opensuse | opensuse | 11.1 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_server | 10 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 5.0 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| vmware | vcenter_server | 4.0 | |
| vmware | virtualcenter | 2.0.2 | |
| vmware | virtualcenter | 2.5 | |
| microsoft | windows | - | |
| vmware | server | 2.0.0 | |
| vmware | esx | 3.0.3 | |
| vmware | esx | 3.5 | |
| vmware | esx | 4.0 | |
| vmware | vma | 4.0 | |
| redhat | enterprise_linux | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2735F338-6C83-49C7-8DA0-E4754BE828E4",
"versionEndExcluding": "2.6.28.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D467EE9D-6A1F-4462-9BDA-C68B7EE375E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDFF5385-64AA-48AD-A5FE-25918E4F07D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2543D5-AE09-4E90-B27E-95075BE4ACBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "902BA958-06AA-4EDF-9F9E-1030083EA361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7426B5AC-D0FD-424D-9A1E-0875C2102D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option."
},
{
"lang": "es",
"value": "nfsd en el Kernel de Linux anteriores a la v2.6.28.9 no detiene la capacidad de CAP_MKNOD antes del manejo de una petici\u00f3n de usuario en un hilo, lo que permite a usuarios locales crear nodos de dispositivo, como se ha demostrado en un sistema de ficheros que ha sido exportado con la opci\u00f3n root_squash."
}
],
"id": "CVE-2009-1072",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-25T01:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34422"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34432"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34786"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35121"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35185"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35343"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35390"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35394"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35656"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=76a67ec6fb79ff3570dcb5342142c16098299911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/34786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/35656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://thread.gmane.org/gmane.linux.kernel/805280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1081.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/34205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-793-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8382"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1081.html .\n\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 2.1 and 3, due to these products being in Production 3 of their maintenance life-cycles, where only qualified security errata of important or critical impact are addressed.\n\nFor further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ .",
"lastModified": "2009-09-10T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}