Executive Summary
Summary | |
---|---|
Title | kernel security and bug fix update |
Information | |||
---|---|---|---|
Name | RHSA-2009:1222 | First vendor Publication | 2009-08-24 |
Vendor | RedHat | Last vendor Modification | 2009-08-24 |
Severity (Vendor) | Important | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Problem Description: Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws.

These updated packages also fix the following bug:

* in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running "cman_tool kill -n [nodename]". (BZ#515432)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

515432 - dlm_send socket leak [rhel-5.3.z]
516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
518034 - CVE-2009-2698 kernel: udp socket NULL ptr dereference
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1222.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-476 | NULL Pointer Dereference |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11514 | |||
Oval ID: | oval:org.mitre.oval:def:11514 | ||
Title: | Service Console update for COS kernel | ||
Description: | The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2698 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11526 | |||
Oval ID: | oval:org.mitre.oval:def:11526 | ||
Title: | Service Console update for COS kernel | ||
Description: | The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2692 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:28627 | |||
Oval ID: | oval:org.mitre.oval:def:28627 | ||
Title: | RHSA-2009:1222 -- kernel security and bug fix update (Important) | ||
Description: | Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1222 CESA-2009:1222-CentOS 5 CVE-2009-2692 CVE-2009-2698 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Id: oval:org.mitre.oval:def:8557 | |||
Oval ID: | oval:org.mitre.oval:def:8557 | ||
Title: | VMware kernel udp_sendmsg function vulnerability | ||
Description: | The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2698 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:8657 | |||
Oval ID: | oval:org.mitre.oval:def:8657 | ||
Title: | VMware kernel NULL pointer dereference vulnerability | ||
Description: | The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2692 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
ExploitDB Exploits
id | Description |
---|---|
2009-09-02 | Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit |
2009-09-02 | Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64) |
2009-08-31 | Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit |
2009-08-24 | Linux Kernel 2.4/2.6 - sock_sendpage() ring0 Root Exploit (simple ver) |
2009-08-18 | Linux Kernel 2.x sock_sendpage() Local Root Exploit (Android Edition) |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1233 centos3 i386 File : nvt/gb_CESA-2009_1233_kernel_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1223 centos4 i386 File : nvt/gb_CESA-2009_1223_kernel_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2009:1222 centos5 i386 File : nvt/gb_CESA-2009_1222_kernel_centos5_i386.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13098 (kernel) File : nvt/fcore_2009_13098.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-11038 (kernel) File : nvt/fcore_2009_11038.nasl |
2009-10-19 | Name : Fedora Core 10 FEDORA-2009-10525 (kernel) File : nvt/fcore_2009_10525.nasl |
2009-10-13 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel5.nasl |
2009-10-13 | Name : SLES10: Security update for Linux kernel File : nvt/sles10_kernel2.nasl |
2009-10-11 | Name : SLES11: Security update for Linux kernel File : nvt/sles11_ext4dev-kmp-def2.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5056729.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel File : nvt/sles9p5055991.nasl |
2009-10-06 | Name : Fedora Core 10 FEDORA-2009-10165 (kernel) File : nvt/fcore_2009_10165.nasl |
2009-09-28 | Name : RedHat Security Advisory RHSA-2009:1457 File : nvt/RHSA_2009_1457.nasl |
2009-09-21 | Name : Mandrake Security Advisory MDVSA-2009:233 (kernel) File : nvt/mdksa_2009_233.nasl |
2009-09-21 | Name : SuSE Security Summary SUSE-SR:2009:015 File : nvt/suse_sr_2009_015.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1239 File : nvt/RHSA_2009_1239.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8684 (kernel) File : nvt/fcore_2009_8684.nasl |
2009-09-02 | Name : CentOS Security Advisory CESA-2009:1233 (kernel) File : nvt/ovcesa2009_1233.nasl |
2009-09-02 | Name : CentOS Security Advisory CESA-2009:1223 (kernel) File : nvt/ovcesa2009_1223.nasl |
2009-09-02 | Name : CentOS Security Advisory CESA-2009:1222 (kernel) File : nvt/ovcesa2009_1222.nasl |
2009-09-02 | Name : SuSE Security Advisory SUSE-SA:2009:045 (kernel) File : nvt/suse_sa_2009_045.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:205 (kernel) File : nvt/mdksa_2009_205.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-9044 (kernel) File : nvt/fcore_2009_9044.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1222 File : nvt/RHSA_2009_1222.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8649 (kernel) File : nvt/fcore_2009_8649.nasl |
2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8647 (kernel) File : nvt/fcore_2009_8647.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1872-1 (linux-2.6) File : nvt/deb_1872_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1865-1 (linux-2.6) File : nvt/deb_1865_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1864-1 (linux-2.6.24) File : nvt/deb_1864_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1862-1 (linux-2.6) File : nvt/deb_1862_1.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1233 File : nvt/RHSA_2009_1233.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1223 File : nvt/RHSA_2009_1223.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-230-01 kernel File : nvt/esoft_slk_ssa_2009_230_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57462 | Linux Kernel net/ipv*/udp.c MSG_MORE Flag Local Privilege Escalation |
56992 | Linux Kernel Multiple Protocol proto_ops() Initialization NULL Dereference Lo... Linux kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the kernel fails to initialize all function pointers for socket operations in proto_ops structures, allowing local users to trigger a null pointer dereference. This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0023.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1233.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1223.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1222.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1469.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1457.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090827_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6437.nasl - Type : ACT_GATHER_INFO |
2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6460.nasl - Type : ACT_GATHER_INFO |
2010-06-28 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0010.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1872.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1865.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1864.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1862.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1222.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-852-1.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-6440.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12487.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6453.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-090816.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kernel-6439.nasl - Type : ACT_GATHER_INFO |
2009-09-15 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-233.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1233.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1233.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-090814.nasl - Type : ACT_GATHER_INFO |
2009-08-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-090816.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1223.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1222.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1223.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-819-1.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-230-01.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-205.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8647.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8649.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:52:47 |