Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations | |||
---|---|---|---|
Name | CVE-2009-1186 | First vendor Publication | 2009-04-17 |
Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13617 | |||
Oval ID: | oval:org.mitre.oval:def:13617 | ||
Title: | DSA-1772-1 udev -- several | ||
Description: | Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon. CVE-2009-1185 udev does not check the origin of NETLINK messages, allowing local users to gain root privileges. CVE-2009-1186 udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution. For the old stable distribution, these problems have been fixed in version 0.105-4etch1. For the stable distribution, these problems have been fixed in version 0.125-7+lenny1. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your udev package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1772-1 CVE-2009-1185 CVE-2009-1186 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | udev |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13855 | |||
Oval ID: | oval:org.mitre.oval:def:13855 | ||
Title: | USN-758-1 -- udev vulnerabilities | ||
Description: | Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges. Sebastian Krahmer discovered a buffer overflow in the path encoding routines in udev. A local attacker could exploit this to crash udev, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-758-1 CVE-2009-1185 CVE-2009-1186 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | udev |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8217 | |||
Oval ID: | oval:org.mitre.oval:def:8217 | ||
Title: | DSA-1772 udev -- several vulnerabilities | ||
Description: | Sebastian Kramer discovered two vulnerabilities in udev, the /dev and hotplug management daemon. udev does not check the origin of NETLINK messages, allowing local users to gain root privileges. udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1772 CVE-2009-1185 CVE-2009-1186 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | udev |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 | |
Os | 4 | |
Os | 2 | |
Os | 2 | |
Os | 3 | |
Os | 2 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:103-1 (udev) File : nvt/mdksa_2009_103_1.nasl |
2009-05-05 | Name : Mandrake Security Advisory MDVSA-2009:103 (udev) File : nvt/mdksa_2009_103.nasl |
2009-04-20 | Name : Debian Security Advisory DSA 1772-1 (udev) File : nvt/deb_1772_1.nasl |
2009-04-20 | Name : Fedora Core 10 FEDORA-2009-3711 (udev) File : nvt/fcore_2009_3711.nasl |
2009-04-20 | Name : Fedora Core 9 FEDORA-2009-3712 (udev) File : nvt/fcore_2009_3712.nasl |
2009-04-20 | Name : Gentoo Security Advisory GLSA 200904-18 (udev) File : nvt/glsa_200904_18.nasl |
2009-04-20 | Name : SuSE Security Advisory SUSE-SA:2009:020 (udev) File : nvt/suse_sa_2009_020.nasl |
2009-04-20 | Name : Ubuntu USN-757-1 (gs-gpl) File : nvt/ubuntu_757_1.nasl |
2009-04-20 | Name : Ubuntu USN-758-1 (udev) File : nvt/ubuntu_758_1.nasl |
2009-04-20 | Name : Ubuntu USN-759-1 (poppler) File : nvt/ubuntu_759_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-111-01 udev File : nvt/esoft_slk_ssa_2009_111_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53811 | udev udev/lib/libudev-util.c util_path_encode Function Overflow DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-05-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-103.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3711.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-758-1.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-111-01.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-18.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1772.nasl - Type : ACT_GATHER_INFO |
2009-04-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3712.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-02-13 09:29:20 |
|
2022-06-03 21:27:25 |
|
2021-05-04 12:09:22 |
|
2021-04-22 01:09:42 |
|
2020-05-23 01:40:15 |
|
2020-05-23 00:23:35 |
|
2018-10-11 00:19:34 |
|
2016-04-26 18:44:25 |
|
2014-02-17 10:49:35 |
|
2013-05-10 23:47:58 |
|