Lucene search

K

RedhatCVELIST:CVE-2009-3725

HistoryNov 06, 2009 - 3:00 p.m.

CVE-2009-3725

2009-11-0615:00:00

redhat

www.cve.org

1

AI Score

7.3

Confidence

High

EPSS

0

Percentile

10.1%

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

References

marc.info/?l=linux-kernel&m=125449888416314&w=2

marc.info/?l=oss-security&m=125715484511380&w=2

marc.info/?l=oss-security&m=125716192622235&w=2

patchwork.kernel.org/patch/51382/

patchwork.kernel.org/patch/51383/

patchwork.kernel.org/patch/51384/

patchwork.kernel.org/patch/51387/

secunia.com/advisories/37113

secunia.com/advisories/38905

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5

www.securityfocus.com/bid/36834

www.ubuntu.com/usn/usn-864-1

xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/

AI Score

7.3

Confidence

High

EPSS

0

Percentile

10.1%

Related for CVELIST:CVE-2009-3725

seebug1 ubuntucve2 redhatcve2 nessus3 osv2 prion2 cve2 debian2 nvd2 openvas4 cvelist1 ubuntu1