Linux : Security Vulnerabilities Published In 2009 (Gain Information)
# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2009-3612 | 200 | | +Info | 2009-10-19 | 2017-09-18 | 4.9 | None | Local | Low | Not required | Complete | None | None
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

2 | CVE-2009-3228 | 200 | | +Info | 2009-10-19 | 2017-09-18 | 4.9 | None | Local | Low | Not required | Complete | None | None
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

3 | CVE-2009-3002 | 200 | 1 | +Info | 2009-08-28 | 2017-09-18 | 4.9 | None | Local | Low | Not required | Complete | None | None
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

4 | CVE-2009-3001 | 200 | 1 | +Info | 2009-08-28 | 2017-09-18 | 4.9 | None | Local | Low | Not required | Complete | None | None
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.

5 | CVE-2009-2910 | 200 | | +Info | 2009-10-20 | 2017-09-18 | 4.9 | None | Local | Low | Not required | Complete | None | None
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode.

6 | CVE-2009-2847 | | 1 | +Info | 2009-08-18 | 2017-09-18 | 4.9 | None | Local | Low | Not required | Complete | None | None
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.

7 | CVE-2009-2691 | 200 | | +Info | 2009-08-14 | 2017-08-16 | 2.1 | None | Local | Low | Not required | Partial | None | None
The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.

8 | CVE-2009-1265 | 189 | | Overflow +Info | 2009-04-07 | 2012-03-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

9 | CVE-2009-1192 | | | +Info | 2009-04-24 | 2017-09-28 | 4.9 | None | Local | Low | Not required | Complete | None | None
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.

10 | CVE-2009-0676 | 264 | | +Info | 2009-02-22 | 2017-09-28 | 2.1 | None | Local | Low | Not required | Partial | None | None
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

11 | CVE-2005-4881 | 200 | | +Info | 2009-10-19 | 2017-10-10 | 4.9 | None | Local | Low | Not required | Complete | None | None
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.

Total number of vulnerabilities : 11