fkie_cve-2009-3612
Vulnerability from fkie_nvd
Published
2009-10-19 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| linux | linux_kernel | 2.6.32 | |
| opensuse | opensuse | 11.0 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_desktop | 10 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_software_development_kit | 10 | |
| suse | linux_enterprise_software_development_kit | 10 | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 8.04 | |
| canonical | ubuntu_linux | 8.10 | |
| canonical | ubuntu_linux | 9.04 | |
| canonical | ubuntu_linux | 9.10 | |
| fedoraproject | fedora | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F6511F-D405-456D-B7B4-3F73EABDFA77",
"versionEndIncluding": "2.4.37.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0289F2BE-8029-4F64-961F-07D0857861B1",
"versionEndExcluding": "2.6.32",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*",
"matchCriteriaId": "37B2E2B1-3E39-4DBA-817D-08F34D9F6E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C85D4E0A-14DA-4884-AF6F-A0F54304430F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1C8471AA-44D7-4D19-82B6-C4B999C65F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*",
"matchCriteriaId": "218DE1D1-3843-4076-9AE4-70AA0FD99B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2677114B-AF05-42EB-BBC8-FA85CD631C21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3BEE9CB-F0AF-44B1-B454-1AE2F04D7299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881."
},
{
"lang": "es",
"value": "La funci\u00f3n tcf_fill_node en net/sched/cls_api.c del subsistema netlink en el kernel de Linux v2.6.x hasta la v2.6.32-rc5, y v2.4.37.6 y anteriores, no inicializa un determinado miembro de la estructura tcm__pad2, lo que puede permitir a usuarios locales obtener informaci\u00f3n confidencial de la memoria del kernel a trav\u00e9s de vectores de ataque sin especificar. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2005-4881."
}
],
"id": "CVE-2009-3612",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-19T20:00:00.670",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://patchwork.ozlabs.org/patch/35412/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/37086"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/37909"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/38794"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/38834"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/14/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/14/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/15/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/15/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=528868"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://patchwork.ozlabs.org/patch/35412/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/37086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/37909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/38834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/14/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/14/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/15/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1670.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=528868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/CVE-2009-3612\n\nThis issue has been rated as having moderate security impact.\n\nIt was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.\n\nA future kernel update in Red Hat Enterprise Linux 4 will address this flaw.\n\nThis issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.\n\nFor further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/",
"lastModified": "2009-12-17T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…