Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-3002
HistoryAug 28, 2009 - 3:30 p.m.

CVE-2009-3002

2009-08-2815:30:00
CWE-200
[email protected]
web.nvd.nist.gov
65
3
linux kernel
memory read
cve-2009-3002
security vulnerability

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

Affected configurations

NVD
Node
linuxlinux_kernelRange<2.6.31
OR
linuxlinux_kernelMatch2.6.31-
OR
linuxlinux_kernelMatch2.6.31rc1
OR
linuxlinux_kernelMatch2.6.31rc2
OR
linuxlinux_kernelMatch2.6.31rc3
OR
linuxlinux_kernelMatch2.6.31rc4
OR
linuxlinux_kernelMatch2.6.31rc5
OR
linuxlinux_kernelMatch2.6.31rc6
Node
canonicalubuntu_linuxMatch6.06lts
OR
canonicalubuntu_linuxMatch8.04lts
OR
canonicalubuntu_linuxMatch8.10
OR
canonicalubuntu_linuxMatch9.04

References

Social References

More

Related

prion 1
nvd 1
seebug 3
cvelist 1
ubuntucve 1
veracode 1
exploitpack 1
exploitdb 1
openvas 28
nessus 22
suse 4
oraclelinux 3
centos 1
redhat 2
securityvulns 2
osv 3
debian 3
vmware 1
fedora 1
ubuntu 1
prion
prion
Memory corruption
2009-08-28 15:30:00
nvd
nvd
CVE-2009-3002
2009-08-28 15:30:00
seebug
seebug
Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit
2014-07-01 00:00:00
Linux Kernel &lt; 2.6.31-rc7 AF_IRDA 29-Byte Stack Disclosure Exploit
2009-09-01 00:00:00
Linux Kernel .getnameε‡½ζ•°ε€šδΈͺδΏ‘ζ―ζ³„ιœ²ζΌζ΄ž
2009-09-02 00:00:00
cvelist
cvelist
CVE-2009-3002
2009-08-28 15:00:00
ubuntucve
ubuntucve
CVE-2009-3002
2009-08-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:03
exploitpack
exploitpack
Linux Kernel 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure (2)
2009-08-31 00:00:00
exploitdb
exploitdb
Linux Kernel &lt; 2.6.31-rc7 - &#039;AF_IRDA&#039; 29-Byte Stack Disclosure (2)
2009-08-31 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2009-1455)
2015-10-08 00:00:00
SLES11: Security update for Linux kernel
2009-11-11 00:00:00
SuSE Security Advisory SUSE-SA:2009:051 (kernel)
2009-11-11 00:00:00
nessus
nessus
SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1410 / 1412 / 1413)
2009-11-03 00:00:00
openSUSE Security Update : kernel (kernel-1415)
2009-11-02 00:00:00
Fedora 10 : kernel-2.6.27.35-170.2.94.fc10 (2009-10165)
2009-10-05 00:00:00
suse
suse
potential local privilege escalation in kernel
2009-11-02 17:52:48
local privilege escalation in kernel
2009-11-16 13:03:36
local privilege escalation in kernel
2009-11-11 17:52:30
oraclelinux
oraclelinux
kernel security and bug fix update
2009-09-30 00:00:00
kernel security and bug fix update
2009-11-04 00:00:00
Oracle Enterprise Linux 5.5 kernel security and bug fix update
2010-04-05 00:00:00
centos
centos
kernel security update
2009-11-04 00:55:32
redhat
redhat
(RHSA-2009:1550) Important: kernel security and bug fix update
2009-11-03 00:00:00
(RHSA-2009:1540) Important: kernel-rt security, bug fix, and enhancement update
2009-11-03 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-10-23 00:00:00
Linux kernel multiple security vulnerabilities
2009-11-08 00:00:00
osv
osv
linux-2.6 - several vulnerabilities
2009-11-05 00:00:00
linux-2.6 - several vulnerabilities
2009-10-22 00:00:00
linux-2.6.24 - several vulnerabilities
2009-11-05 00:00:00
debian
debian
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities
2009-11-06 00:51:43
[SECURITY] [DSA 1915-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-10-23 15:58:04
[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities
2009-11-05 22:03:48
vmware
vmware
ESX 3.5 third party update for Service Console kernel
2010-06-24 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: kernel-2.6.27.35-170.2.94.fc10
2009-10-03 18:56:05
ubuntu
ubuntu
Linux kernel vulnerabilities
2009-10-22 00:00:00

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON
Related for CVE-2009-3002
prion1nvd1seebug3cvelist1ubuntucve1veracode1exploitpack1exploitdb1openvas28nessus22suse4oraclelinux3centos1redhat2securityvulns2osv3debian3vmware1fedora1ubuntu1