CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
99.6%
Igor Zhbanov discovered that NFS clients were able to create device nodes
even when root_squash was enabled. An authenticated remote attacker
could create device nodes with open permissions, leading to a loss of
privacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1072)
Dan Carpenter discovered that SELinux did not correctly handle
certain network checks when running with compat_net=1. A local
attacker could exploit this to bypass network checks. Default Ubuntu
installations do not enable SELinux, and only Ubuntu 8.10 and 9.04 were
affected. (CVE-2009-1184)
Shaohua Li discovered that memory was not correctly initialized in the
AGP subsystem. A local attacker could potentially read kernel memory,
leading to a loss of privacy. (CVE-2009-1192)
Benjamin Gilbert discovered that the VMX implementation of KVM did
not correctly handle certain registers. An attacker in a guest VM
could exploit this to cause a host system crash, leading to a denial
of service. This only affected 32bit hosts. Ubuntu 6.06 was not
affected. (CVE-2009-1242)
Thomas Pollet discovered that the Amateur Radio X.25 Packet Layer Protocol
did not correctly validate certain fields. A remote attacker could exploit
this to read kernel memory, leading to a loss of privacy. (CVE-2009-1265)
Trond Myklebust discovered that NFS did not correctly handle certain
long filenames. An authenticated remote attacker could exploit this to
cause a system crash, leading to a denial of service. Only Ubuntu 6.06
was affected. (CVE-2009-1336)
Oleg Nesterov discovered that the kernel did not correctly handle
CAP_KILL. A local user could exploit this to send signals to arbitrary
processes, leading to a denial of service. (CVE-2009-1337)
Daniel Hokka Zakrisson discovered that signal handling was not correctly
limited to process namespaces. A local user could bypass namespace
restrictions, possibly leading to a denial of service. Only Ubuntu 8.04
was affected. (CVE-2009-1338)
Pavel Emelyanov discovered that network namespace support for IPv6 was
not correctly handled. A remote attacker could send specially crafted
IPv6 traffic that would cause a system crash, leading to a denial of
service. Only Ubuntu 8.10 and 9.04 were affected. (CVE-2009-1360)
Neil Horman discovered that the e1000 network driver did not correctly
validate certain fields. A remote attacker could send a specially
crafted packet that would cause a system crash, leading to a denial of
service. (CVE-2009-1385)
Pavan Naregundi discovered that CIFS did not correctly check lengths
when handling certain mount requests. A remote attacker could send
specially crafted traffic to cause a system crash, leading to a denial
of service. (CVE-2009-1439)
Simon Vallet and Frank Filz discovered that execute permissions were
not correctly handled by NFSv4. A local user could bypass permissions
and run restricted programs, possibly leading to an escalation of
privileges. (CVE-2009-1630)
Jeff Layton and Suresh Jayaraman discovered buffer overflows in the CIFS
client code. A malicious remote server could exploit this to cause a
system crash or execute arbitrary code as root. (CVE-2009-1633)
Mikulas Patocka discovered that /proc/iomem was not correctly
initialized on Sparc. A local attacker could use this file to crash
the system, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-1914)
Miklos Szeredi discovered that OCFS2 did not correctly handle certain
splice operations. A local attacker could exploit this to cause
a system hang, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-1961)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | linux-image-2.6.28-13-iop32x | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | block-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | crypto-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | fat-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | fb-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | firewire-core-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | floppy-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | fs-core-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | fs-secondary-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
Ubuntu | 9.04 | noarch | input-modules-2.6.28-13-generic-di | < 2.6.28-13.45 | UNKNOWN |
ubuntu.com/security/CVE-2009-1072
ubuntu.com/security/CVE-2009-1184
ubuntu.com/security/CVE-2009-1192
ubuntu.com/security/CVE-2009-1242
ubuntu.com/security/CVE-2009-1265
ubuntu.com/security/CVE-2009-1336
ubuntu.com/security/CVE-2009-1337
ubuntu.com/security/CVE-2009-1338
ubuntu.com/security/CVE-2009-1360
ubuntu.com/security/CVE-2009-1385
ubuntu.com/security/CVE-2009-1439
ubuntu.com/security/CVE-2009-1630
ubuntu.com/security/CVE-2009-1633
ubuntu.com/security/CVE-2009-1914
ubuntu.com/security/CVE-2009-1961
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
99.6%