Vulnerability Details : CVE-2009-3002
Potential exploit
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
Vulnerability category: Information leak
Products affected by CVE-2009-3002
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Threat overview for CVE-2009-3002
Top countries where our scanners detected CVE-2009-3002
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2009-3002 1,597
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-3002!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-3002
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3002
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2009-3002
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-3002
-
Red Hat 2009-11-04CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols. The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3). The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6).
References for CVE-2009-3002
-
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2009/08/27/2
Mailing List;Third Party Advisory
-
https://rhn.redhat.com/errata/RHSA-2009-1550.html
RHSA-2009:1550 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741
Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20Mailing List;Third Party Advisory
-
https://rhn.redhat.com/errata/RHSA-2009-1540.html
RHSA-2009:1540 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=09384dfc76e526c3993c09c42e016372dc9dd22c
Vendor Advisory
-
http://www.exploit-db.com/exploits/9521
Third Party Advisory;VDB Entry
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e84b90ae5eb3c112d1f208964df1d8156a538289
Vendor Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80922bbb12a105f858a8f0abb879cb4302d0ecaa
Vendor Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7
Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:056) - openSUSE Security Announce - openSUSE Mailing ListsMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/36150
Exploit;Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:054) - openSUSE Security Announce - openSUSE Mailing ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2009/08/27/1
Mailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-852-1
USN-852-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6b97b29513950bfbf621a83d85b6f86b39ec8db
Vendor Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791
Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=519305
Exploit;Issue Tracking;Third Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17ac2e9c58b69a1e25460a568eae1b0dc0188c25
Vendor Advisory
Jump to