Vulnerability Details : CVE-2009-3725
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.
Products affected by CVE-2009-3725
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3725
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3725
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2009-3725
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-3725
-
Red Hat 2009-11-09Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG, as they do not include the upstream change introducing this flaw.
References for CVE-2009-3725
-
http://www.ubuntu.com/usn/usn-864-1
USN-864-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
Exploit;Third Party Advisory
-
http://patchwork.kernel.org/patch/51382/
Patch;Vendor Advisory
-
http://patchwork.kernel.org/patch/51383/
Patch;Vendor Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
Vendor Advisory
-
http://patchwork.kernel.org/patch/51384/
Patch;Vendor Advisory
-
http://marc.info/?l=oss-security&m=125715484511380&w=2
Mailing List;Third Party Advisory
-
http://patchwork.kernel.org/patch/51387/
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/36834
Patch;Third Party Advisory
-
http://marc.info/?l=oss-security&m=125716192622235&w=2
Mailing List;Third Party Advisory
-
http://marc.info/?l=linux-kernel&m=125449888416314&w=2
Mailing List;Third Party Advisory
Jump to