Executive Summary

Information
Name: CVE-2009-0859
First vendor publication: 2009-03-09
Vendor: Cve
Last vendor modification: 2012-03-22

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score: 4.7
Cvss Impact Score: 6.9
Cvss Exploit Score: 3.4
Attack Range: Local
Attack Complexity: Medium
Authentication: None Required

Detail

The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0859

CWE : Common Weakness Enumeration

id      Name
CWE-20  Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13816
 
Oval ID: oval:org.mitre.oval:def:13816
Title: USN-752-1 -- linux-source-2.6.15 vulnerabilities
Description: NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service. Sparc syscalls did not correctly check mmap regions. A local attacker could cause a system panic, leading to a denial of service. In certain situations, cloned processes were able to send signals to parent processes, crossing privilege boundaries. A local attacker could send arbitrary signals to parent processes, leading to a denial of service. The 64-bit syscall interfaces did not correctly handle sign extension. A local attacker could make malicious syscalls, possibly gaining root privileges. The x86_64 architecture was not affected. The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. The Dell platform device did not correctly validate user parameters. A local attacker could perform specially crafted reads to crash the system, leading to a denial of service. Network interfaces statistics for the SysKonnect FDDI driver did not check capabilities. A local user could reset statistics, potentially interfering with packet accounting systems. The getsockopt function did not correctly clear certain parameters. A local attacker could read leaked kernel memory, leading to a loss of privacy. The syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restrictions via crafted syscalls. The shared memory subsystem did not correctly handle certain shmctl calls when CONFIG_SHMEM was disabled. Ubuntu kernels were not vulnerable, since CONFIG_SHMEM is enabled by default.
Family: unix Class: patch
Reference(s): USN-752-1
CVE-2008-4307
CVE-2008-6107
CVE-2009-0028
CVE-2009-0029
CVE-2009-0065
CVE-2009-0322
CVE-2009-0675
CVE-2009-0676
CVE-2009-0834
CVE-2009-0835
CVE-2009-0859
Version: 7
Platform(s): Ubuntu 6.06
Product(s): linux-source-2.6.15
Definition Synopsis:

CPE : Common Platform Enumeration

Type  Description  Count
Os                 1

OpenVAS Exploits

Date        Description
2009-10-13  Name: SLES10: Security update for the Linux kernel
            File: nvt/sles10_kernel8.nasl
2009-10-10  Name: SLES9: Security update for the Linux kernel
            File: nvt/sles9p5051763.nasl
2009-06-09  Name: SuSE Security Advisory SUSE-SA:2009:030 (kernel)
            File: nvt/suse_sa_2009_030.nasl
2009-06-09  Name: SuSE Security Advisory SUSE-SA:2009:031 (kernel)
            File: nvt/suse_sa_2009_031.nasl
2009-06-05  Name: Ubuntu USN-776-2 (kvm)
            File: nvt/ubuntu_776_2.nasl
2009-05-25  Name: Debian Security Advisory DSA 1800-1 (linux-2.6)
            File: nvt/deb_1800_1.nasl
2009-05-11  Name: Debian Security Advisory DSA 1794-1 (linux-2.6)
            File: nvt/deb_1794_1.nasl
2009-05-05  Name: Debian Security Advisory DSA 1787-1 (linux-2.6.24)
            File: nvt/deb_1787_1.nasl
2009-04-15  Name: Ubuntu USN-752-1 (linux-source-2.6.15)
            File: nvt/ubuntu_752_1.nasl
2009-04-15  Name: Ubuntu USN-753-1 (postgresql-8.3)
            File: nvt/ubuntu_753_1.nasl

Open Source Vulnerability Database (OSVDB)

id     Description
52755  Linux Kernel shm Subsystem ipc/shm.c shm_get_stat Function SHM_INFO shmctl Ca...

Nessus® Vulnerability Scanner

Date        Description
2012-05-17  Name: The remote SuSE 10 host is missing a security-related patch.
            File: suse_kernel-6236.nasl - Type: ACT_GATHER_INFO
2009-09-24  Name: The remote SuSE 10 host is missing a security-related patch.
            File: suse_kernel-6237.nasl - Type: ACT_GATHER_INFO
2009-07-21  Name: The remote openSUSE host is missing a security update.
            File: suse_11_0_kernel-090602.nasl - Type: ACT_GATHER_INFO
2009-06-09  Name: The remote openSUSE host is missing a security update.
            File: suse_kernel-6274.nasl - Type: ACT_GATHER_INFO
2009-05-18  Name: The remote Debian host is missing a security-related update.
            File: debian_DSA-1800.nasl - Type: ACT_GATHER_INFO
2009-05-11  Name: The remote Debian host is missing a security-related update.
            File: debian_DSA-1794.nasl - Type: ACT_GATHER_INFO
2009-05-04  Name: The remote Debian host is missing a security-related update.
            File: debian_DSA-1787.nasl - Type: ACT_GATHER_INFO
2009-04-23  Name: The remote Ubuntu host is missing one or more security-related patches.
            File: ubuntu_USN-751-1.nasl - Type: ACT_GATHER_INFO
2009-04-23  Name: The remote Ubuntu host is missing one or more security-related patches.
            File: ubuntu_USN-752-1.nasl - Type: ACT_GATHER_INFO

Internal Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/34020
CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a...
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5
http://patchwork.kernel.org/patch/6554/
DEBIAN http://www.debian.org/security/2009/dsa-1787
http://www.debian.org/security/2009/dsa-1794
http://www.debian.org/security/2009/dsa-1800
MLIST http://marc.info/?l=git-commits-head&m=123387479500599&w=2
http://marc.info/?l=linux-kernel&m=120428209704324&w=2
http://marc.info/?l=linux-kernel&m=123309645625549&w=2
http://openwall.com/lists/oss-security/2009/03/06/1
SECUNIA http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35121
http://secunia.com/advisories/35185
http://secunia.com/advisories/35390
http://secunia.com/advisories/35394
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
UBUNTU http://www.ubuntu.com/usn/usn-751-1
XF http://xforce.iss.net/xforce/xfdb/49229

Alert History

Date Information
2014-02-17 10:49:10
  • Multiple Updates
2013-05-10 23:45:54
  • Multiple Updates