Lucene search

[email protected]CVE-2009-3547

HistoryNov 04, 2009 - 3:30 p.m.

CVE-2009-3547

2009-11-0415:30:00

CWE-672

CWE-476

CWE-362

[email protected]

web.nvd.nist.gov

cve-2009-3547

linux kernel

race conditions

security vulnerability

denial of service

privilege escalation

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤2.6.31.14

linuxlinux_kernelMatch2.6.32-

linuxlinux_kernelMatch2.6.32rc1

linuxlinux_kernelMatch2.6.32rc2

linuxlinux_kernelMatch2.6.32rc3

linuxlinux_kernelMatch2.6.32rc4

linuxlinux_kernelMatch2.6.32rc5

Node

novelllinux_desktopMatch9

opensuseopensuseMatch11.0

opensuseopensuseMatch11.2

susesuse_linux_enterprise_desktopMatch10sp2

susesuse_linux_enterprise_serverMatch10sp2

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

Node

fedoraprojectfedoraMatch10

Node

vmwarevmaMatch4.0

vmwareesxMatch4.0

Node

redhatmrg_realtimeMatch1.0

redhatenterprise_linux_desktopMatch3.0

redhatenterprise_linux_desktopMatch4.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_eusMatch4.8

redhatenterprise_linux_eusMatch5.4

redhatenterprise_linux_serverMatch3.0

redhatenterprise_linux_serverMatch4.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_workstationMatch3.0

redhatenterprise_linux_workstationMatch4.0

redhatenterprise_linux_workstationMatch5.0

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.31.14
linux:linux_kernellinux linux kerneleq2.6.32

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.31.14
linux:linux_kernel	linux linux kernel	eq	2.6.32

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c

lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

lkml.org/lkml/2009/10/14/184

lkml.org/lkml/2009/10/21/42

marc.info/?l=oss-security&m=125724568017045&w=2

secunia.com/advisories/37351

secunia.com/advisories/38017

secunia.com/advisories/38794

secunia.com/advisories/38834

www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6

www.mandriva.com/security/advisories?name=MDVSA-2009:329

www.redhat.com/support/errata/RHSA-2009-1672.html

www.securityfocus.com/archive/1/512019/100/0/threaded

www.securityfocus.com/bid/36901

www.ubuntu.com/usn/usn-864-1

www.vupen.com/english/advisories/2010/0528

bugzilla.redhat.com/show_bug.cgi?id=530490

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327

rhn.redhat.com/errata/RHSA-2009-1540.html

rhn.redhat.com/errata/RHSA-2009-1541.html

rhn.redhat.com/errata/RHSA-2009-1548.html

rhn.redhat.com/errata/RHSA-2009-1550.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Social References

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-3547

centos3 prion1 nessus36 redhat8 openvas60 ubuntucve1 cvelist1 seebug2 zdt1 veracode1 nvd1 oraclelinux4 exploitpack1 threatpost1 exploitdb1 canvas1 suse6 securityvulns3 debian3 osv3 vmware5 fedora8 kitploit1 ubuntu1