Executive Summary

Informations
Name CVE-2009-3725 First vendor Publication 2009-11-06
Vendor Cve Last vendor Modification 2018-11-16

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3725

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18387
 
Oval ID: oval:org.mitre.oval:def:18387
Title: DSA-2015-1 drbd8 linux-modules-extra-2.6 - privilege escalation
Description: A local vulnerability has been discovered in drbd8.
Family: unix Class: patch
Reference(s): DSA-2015-1
CVE-2009-3725
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): drbd8
linux-modules-extra-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7293
 
Oval ID: oval:org.mitre.oval:def:7293
Title: DSA-2015 drbd8 -- privilege escalation
Description: A local vulnerability has been discovered in drbd8. Philipp Reisner fixed an issue in the drbd kernel module that allows local users to send netlink packets to perform actions that should be restricted to users with CAP_SYS_ADMIN privileges. This is a similar issue to those described by CVE-2009-3725. This update also fixes an ABI compatibility issue which was introduced by linux-2.6. The prebuilt drbd module packages listed in this advisory require a linux-image package version 2.6.26-21lenny3 or greater.
Family: unix Class: patch
Reference(s): DSA-2015
CVE-2009-3725
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): drbd8
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 5
Os 1182

OpenVAS Exploits

Date Description
2010-03-16 Name : Debian Security Advisory DSA 2012-1 (linux-2.6)
File : nvt/deb_2012_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
59449 Linux Kernel Connector Netlink Packet Local Privilege Escalation

Linux Kernel contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when unprivileged users being able to send netlink packets to certain subsystems using connector, which can be exploited to change certain configurations and perform other operations that should not be available to unprivileged users.

Nessus® Vulnerability Scanner

Date Description
2010-03-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2015.nasl - Type : ACT_GATHER_INFO
2010-03-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2012.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-869-1.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-864-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/36834
CONFIRM http://patchwork.kernel.org/patch/51382/
http://patchwork.kernel.org/patch/51383/
http://patchwork.kernel.org/patch/51384/
http://patchwork.kernel.org/patch/51387/
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
MISC http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missi...
MLIST http://marc.info/?l=linux-kernel&m=125449888416314&w=2
http://marc.info/?l=oss-security&m=125715484511380&w=2
http://marc.info/?l=oss-security&m=125716192622235&w=2
SECUNIA http://secunia.com/advisories/37113
http://secunia.com/advisories/38905
UBUNTU http://www.ubuntu.com/usn/usn-864-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Date Informations
2024-02-02 01:11:48
  • Multiple Updates
2024-02-01 12:03:18
  • Multiple Updates
2023-09-05 12:11:02
  • Multiple Updates
2023-09-05 01:03:09
  • Multiple Updates
2023-09-02 12:11:09
  • Multiple Updates
2023-09-02 01:03:11
  • Multiple Updates
2023-08-12 12:13:06
  • Multiple Updates
2023-08-12 01:03:10
  • Multiple Updates
2023-08-11 12:11:11
  • Multiple Updates
2023-08-11 01:03:18
  • Multiple Updates
2023-08-06 12:10:45
  • Multiple Updates
2023-08-06 01:03:12
  • Multiple Updates
2023-08-04 12:10:51
  • Multiple Updates
2023-08-04 01:03:13
  • Multiple Updates
2023-07-14 12:10:47
  • Multiple Updates
2023-07-14 01:03:11
  • Multiple Updates
2023-03-29 01:12:22
  • Multiple Updates
2023-03-28 12:03:17
  • Multiple Updates
2022-10-11 12:09:37
  • Multiple Updates
2022-10-11 01:03:00
  • Multiple Updates
2022-03-11 01:08:02
  • Multiple Updates
2021-05-04 12:10:21
  • Multiple Updates
2021-04-22 01:10:47
  • Multiple Updates
2020-08-11 12:04:35
  • Multiple Updates
2020-08-08 01:04:37
  • Multiple Updates
2020-08-01 12:04:40
  • Multiple Updates
2020-07-30 01:04:47
  • Multiple Updates
2020-05-23 01:41:00
  • Multiple Updates
2020-05-23 00:24:29
  • Multiple Updates
2018-11-30 12:02:58
  • Multiple Updates
2018-11-16 21:19:32
  • Multiple Updates
2018-10-30 12:03:06
  • Multiple Updates
2016-08-05 12:02:15
  • Multiple Updates
2016-06-29 00:07:47
  • Multiple Updates
2016-06-28 17:52:22
  • Multiple Updates
2016-04-26 19:12:47
  • Multiple Updates
2014-02-17 10:52:04
  • Multiple Updates
2013-05-10 23:59:48
  • Multiple Updates