Vulnerability Details : CVE-2009-3228
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Products affected by CVE-2009-3228
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Threat overview for CVE-2009-3228
- Top countries where our scanners detected CVE-2009-3228 (chart)
- Top open port discovered on systems with this issue: 49152
- IPs affected by CVE-2009-3228: 1,518
- Threat actors abusing this issue? Yes
Threat overview data powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-3228
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- EPSS score history (chart)
- Percentile: ~8% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-3228
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2009-3228
- The product does not initialize a critical resource. (Assigned by: nvd@nist.gov, Primary)
Vendor statements for CVE-2009-3228
- Red Hat (2009-11-04): This issue was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1522.html , https://rhn.redhat.com/errata/RHSA-2009-1548 and https://rhn.redhat.com/errata/RHSA-2009-1540 respectively. It has been rated as having moderate security impact and is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
References for CVE-2009-3228
- http://www.ubuntu.com/usn/usn-864-1 (USN-864-1: Linux kernel vulnerabilities; Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2009/09/05/2 (Mailing List; Patch; Third Party Advisory)
- http://www.vupen.com/english/advisories/2010/0528 (Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2009-1522.html (Third Party Advisory)
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html (Third Party Advisory)
- https://rhn.redhat.com/errata/RHSA-2009-1540.html (RHSA-2009:1540 Security Advisory; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2009/09/03/1 (Mailing List; Patch; Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9 (Broken Link)
- http://www.securitytracker.com/id?1023073 (Third Party Advisory; VDB Entry)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b (Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2009/09/17/9 (Mailing List; Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=520990 (Issue Tracking; Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2009/09/06/2 (Mailing List; Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2009/09/17/1 (Mailing List; Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2009/09/07/2 (Mailing List; Patch; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 (Third Party Advisory)
- http://patchwork.ozlabs.org/patch/32830/ (Patch; Third Party Advisory)
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757 (Third Party Advisory)
- https://rhn.redhat.com/errata/RHSA-2009-1548.html (RHSA-2009:1548 Security Advisory; Third Party Advisory)