| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2009-4527 |
264 |
|
+Priv |
2009-12-31 |
2017-08-16 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser. |
|
2 |
CVE-2009-4452 |
264 |
1
|
+Priv |
2009-12-29 |
2018-10-10 |
6.8 |
None |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
|
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. |
|
3 |
CVE-2009-4419 |
16 |
|
Exec Code +Priv Bypass |
2009-12-24 |
2017-08-16 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded. |
|
4 |
CVE-2009-4362 |
119 |
|
DoS Overflow +Priv |
2009-12-21 |
2009-12-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information. |
|
5 |
CVE-2009-4361 |
119 |
|
DoS Overflow +Priv |
2009-12-21 |
2009-12-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information. |
|
6 |
CVE-2009-4261 |
22 |
|
Exec Code +Priv Dir. Trav. |
2009-12-21 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors." |
|
7 |
CVE-2009-4215 |
264 |
|
+Priv |
2009-12-07 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Panda Global Protection 2010, Internet Security 2010, and Antivirus Pro 2010 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs. |
|
8 |
CVE-2009-4211 |
264 |
|
+Priv |
2009-12-04 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program. |
|
9 |
CVE-2009-4191 |
|
|
+Priv |
2009-12-03 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
|
10 |
CVE-2009-4147 |
264 |
|
+Priv |
2009-12-02 |
2018-10-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1 and 8.0 does not clear the (1) LD_LIBMAP, (2) LD_LIBRARY_PATH, (3) LD_LIBMAP_DISABLE, (4) LD_DEBUG, and (5) LD_ELF_HINTS_PATH environment variables, which allows local users to gain privileges by executing a setuid or setguid program with a modified variable containing an untrusted search path that points to a Trojan horse library, different vectors than CVE-2009-4146. |
|
11 |
CVE-2009-4146 |
264 |
|
+Priv |
2009-12-02 |
2018-10-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147. |
|
12 |
CVE-2009-4136 |
|
|
+Priv |
2009-12-15 |
2018-10-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. |
|
13 |
CVE-2009-4135 |
59 |
|
+Priv |
2009-12-11 |
2017-08-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. |
|
14 |
CVE-2009-4133 |
|
|
Exec Code +Priv |
2009-12-23 |
2017-08-16 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute. |
|
15 |
CVE-2009-4112 |
264 |
|
+Priv |
2009-11-30 |
2018-10-10 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands. |
|
16 |
CVE-2009-4081 |
|
|
+Priv |
2009-11-29 |
2009-12-31 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894. |
|
17 |
CVE-2009-4049 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2009-11-23 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024. |
|
18 |
CVE-2009-4033 |
264 |
|
DoS +Priv +Info |
2009-12-08 |
2017-09-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to the open function with insufficient arguments, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file, cause a denial of service by overwriting this file, or gain privileges by executing this file. |
|
19 |
CVE-2009-4004 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2009-11-19 |
2017-08-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks. |
|
20 |
CVE-2009-3894 |
|
|
+Priv |
2009-11-29 |
2017-09-18 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory. |
|
21 |
CVE-2009-3881 |
200 |
|
+Priv +Info |
2009-11-09 |
2017-09-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. |
|
22 |
CVE-2009-3873 |
119 |
|
Overflow +Priv |
2009-11-05 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. |
|
23 |
CVE-2009-3872 |
|
|
+Priv |
2009-11-05 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. |
|
24 |
CVE-2009-3868 |
119 |
|
Overflow +Priv |
2009-11-05 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. |
|
25 |
CVE-2009-3736 |
|
|
+Priv |
2009-11-29 |
2017-09-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
|
26 |
CVE-2009-3725 |
264 |
|
+Priv Bypass |
2009-11-06 |
2018-11-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. |
|
27 |
CVE-2009-3710 |
255 |
1
|
+Priv |
2009-10-16 |
2009-10-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022. |
|
28 |
CVE-2009-3692 |
|
|
+Priv |
2009-10-13 |
2017-08-16 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. |
|
29 |
CVE-2009-3640 |
20 |
|
DoS +Priv |
2009-10-29 |
2017-08-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via a call to the kvm_vcpu_ioctl function. |
|
30 |
CVE-2009-3624 |
310 |
|
DoS +Priv |
2009-11-02 |
2012-03-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. |
|
31 |
CVE-2009-3620 |
20 |
|
DoS +Priv |
2009-10-22 |
2017-09-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. |
|
32 |
CVE-2009-3589 |
264 |
|
+Priv |
2009-10-08 |
2009-10-08 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table. |
|
33 |
CVE-2009-3548 |
255 |
|
+Priv |
2009-11-12 |
2018-10-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. |
|
34 |
CVE-2009-3547 |
362 |
|
DoS +Priv |
2009-11-04 |
2018-10-10 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. |
|
35 |
CVE-2009-3527 |
362 |
|
DoS +Priv Mem. Corr. |
2009-10-06 |
2009-10-07 |
6.9 |
Admin |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 allows local users to cause a denial of service (crash) or gain privileges via vectors related to kqueues, which triggers a use after free, leading to a NULL pointer dereference or memory corruption. |
|
36 |
CVE-2009-3523 |
20 |
|
+Priv Mem. Corr. |
2009-10-01 |
2017-09-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerability than CVE-2008-1625. |
|
37 |
CVE-2009-3522 |
119 |
|
DoS Overflow +Priv |
2009-10-01 |
2018-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. |
|
38 |
CVE-2009-3482 |
264 |
|
+Priv |
2009-09-30 |
2018-10-10 |
6.8 |
None |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
|
TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs. |
|
39 |
CVE-2009-3433 |
|
|
+Priv |
2009-09-28 |
2017-08-16 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in clsetup in the configuration utility in Sun Solaris Cluster 3.2 allows local users to gain privileges via unknown vectors. |
|
40 |
CVE-2009-3390 |
|
|
+Priv |
2009-09-24 |
2009-09-25 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsitadm programs in Sun Solaris 10, and OpenSolaris snv_28 through snv_109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library. |
|
41 |
CVE-2009-3286 |
264 |
|
+Priv |
2009-09-22 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails. |
|
42 |
CVE-2009-3281 |
264 |
|
+Priv |
2009-10-16 |
2009-10-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. |
|
43 |
CVE-2009-3230 |
264 |
|
+Priv |
2009-09-17 |
2018-10-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600. |
|
44 |
CVE-2009-3183 |
119 |
|
Overflow +Priv |
2009-09-14 |
2017-08-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors. |
|
45 |
CVE-2009-3112 |
|
|
+Priv |
2009-09-09 |
2009-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. |
|
46 |
CVE-2009-3108 |
264 |
|
+Priv |
2009-09-08 |
2013-02-06 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. |
|
47 |
CVE-2009-3080 |
|
|
DoS +Priv |
2009-11-20 |
2017-09-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. |
|
48 |
CVE-2009-3043 |
399 |
|
DoS +Priv |
2009-09-02 |
2012-03-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c. |
|
49 |
CVE-2009-2911 |
264 |
|
DoS Overflow +Priv |
2009-10-22 |
2009-10-31 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records. |
|
50 |
CVE-2009-2904 |
16 |
|
+Priv |
2009-10-01 |
2017-09-18 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership. |
