Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11842
HistoryJul 20, 2009 - 12:00 a.m.

Linux Kernel tun_chr_pool()函数空指针引用漏洞

2009-07-2000:00:00
Root
www.seebug.org
18

0.0004 Low

EPSS

Percentile

0.4%

JSON

BUGTRAQ ID: 35724
CVE(CAN) ID: CVE-2009-1894

Linux Kernel是开放源码操作系统Linux所使用的内核。

Linux Kernel的drivers/net/tun.c文件中的tun_chr_poll()函数存在空指针引用错误:

int fd;
struct pollfd pfd;
fd = open("/dev/net/tun", O_RDWR);
pfd.fd = fd;
pfd.events = POLLIN | POLLOUT;
poll(&pfd, 1, 0);

如果用户对tun设备执行了open()和poll()操作,就可以触发这个漏洞,导致崩溃或以root用户权限执行任意指令。成功攻击要求使用GCC的-fdelete-null-pointer-checks优化编译了内核。

Linux kernel 2.6.30
厂商补丁:

Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3c8a9c63d5fd738c261bd0ceece04d9c8357ca13

Related

openvas 10
nessus 4
nvd 2
ubuntu 1
ubuntucve 2
debian 1
gentoo 1
cve 2
debiancve 1
securityvulns 3
prion 2
cvelist 2
osv 1
exploitpack 1
seebug 1
packetstorm 1
exploitdb 1
openvas
openvas
Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)
2009-07-29 00:00:00
Mandrake Security Advisory MDVSA-2009:152 (pulseaudio)
2009-07-29 00:00:00
Debian Security Advisory DSA 1838-1 (pulseaudio)
2009-07-29 00:00:00
nessus
nessus
Debian DSA-1838-1 : pulseaudio - privilege escalation
2010-02-24 00:00:00
GLSA-200907-13 : PulseAudio: Local privilege escalation
2009-07-17 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : pulseaudio vulnerability (USN-804-1)
2009-07-17 00:00:00
nvd
nvd
CVE-2009-1894
2009-07-17 16:30:00
CVE-2009-1897
2009-07-20 17:30:54
ubuntu
ubuntu
PulseAudio vulnerability
2009-07-16 00:00:00
ubuntucve
ubuntucve
CVE-2009-1894
2009-07-17 00:00:00
CVE-2009-1897
2009-07-20 00:00:00
debian
debian
[SECURITY] [DSA 1838-1] New pulseaudio packages fix privilege escalation
2009-07-18 12:18:19
gentoo
gentoo
PulseAudio: Local privilege escalation
2009-07-16 00:00:00
cve
cve
CVE-2009-1894
2009-07-17 16:30:00
CVE-2009-1897
2009-07-20 17:30:54
debiancve
debiancve
CVE-2009-1894
2009-07-17 16:30:00
securityvulns
securityvulns
PulseAudio race conditions
2009-07-18 00:00:00
PulseAudio local race condition privilege escalation vulnerability
2009-07-18 00:00:00
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
2010-10-24 00:00:00
prion
prion
Race condition
2009-07-17 16:30:00
Null pointer dereference
2009-07-20 17:30:00
cvelist
cvelist
CVE-2009-1894
2009-07-17 16:00:00
CVE-2009-1897
2009-07-20 17:00:00
osv
osv
pulseaudio - privilege escalation
2009-07-18 00:00:00
exploitpack
exploitpack
GNU C library dynamic linker - $ORIGIN Expansion
2010-10-18 00:00:00
seebug
seebug
GNU C library dynamic linker $ORIGIN expansion Vulnerability
2014-07-01 00:00:00
packetstorm
packetstorm
GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability
2010-10-19 00:00:00
exploitdb
exploitdb
GNU C library dynamic linker - '$ORIGIN' Expansion
2010-10-18 00:00:00

0.0004 Low

EPSS

Percentile

0.4%

JSON
Related for SSV:11842
openvas10nessus4nvd2ubuntu1ubuntucve2debian1gentoo1cve2debiancve1securityvulns3prion2cvelist2osv1exploitpack1seebug1packetstorm1exploitdb1