RHSA-2009:1223

Executive Summary

Summary
Title	kernel security update

Informations
Name	RHSA-2009:1223	First vendor Publication	2009-08-24
Vendor	RedHat	Last vendor Modification	2009-08-24
Severity (Vendor)	Important	Revision	02

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix two security issues are now available for
Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting these flaws.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

516949 - CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
518034 - CVE-2009-2698 kernel: udp socket NULL ptr dereference

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1223.html

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8657

Oval ID:	oval:org.mitre.oval:def:8657
Title:	VMware kernel NULL pointer dereference vulnerability
Description:	The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2692	Version:	2
Platform(s):	VMWare ESX Server 4	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-200911201-UG is not installed

Definition Id: oval:org.mitre.oval:def:11591

Oval ID:	oval:org.mitre.oval:def:11591
Title:	The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Description:	The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2692	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-60.EL AND kernel-unsupported is earlier than 0:2.4.21-60.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-60.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-60.EL AND kernel-hugemem is earlier than 0:2.4.21-60.EL AND kernel is earlier than 0:2.4.21-60.EL AND kernel-source is earlier than 0:2.4.21-60.EL AND kernel-doc is earlier than 0:2.4.21-60.EL AND kernel-smp is earlier than 0:2.4.21-60.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-xenU is earlier than 0:2.6.9-89.0.9.EL AND kernel-hugemem is earlier than 0:2.6.9-89.0.9.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-xenU-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-smp-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel is earlier than 0:2.6.9-89.0.9.EL AND kernel-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-doc is earlier than 0:2.6.9-89.0.9.EL AND kernel-largesmp is earlier than 0:2.6.9-89.0.9.EL AND kernel-smp is earlier than 0:2.6.9-89.0.9.EL OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kernel-kdump is earlier than 0:2.6.18-128.7.1.el5 AND kernel-debug is earlier than 0:2.6.18-128.7.1.el5 AND kernel-xen is earlier than 0:2.6.18-128.7.1.el5 AND kernel-headers is earlier than 0:2.6.18-128.7.1.el5 AND kernel-kdump-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-xen-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-PAE-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-PAE is earlier than 0:2.6.18-128.7.1.el5 AND kernel-debug-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-doc is earlier than 0:2.6.18-128.7.1.el5

Definition Id: oval:org.mitre.oval:def:11526

Oval ID:	oval:org.mitre.oval:def:11526
Title:	Service Console update for COS kernel
Description:	The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2692	Version:	3
Platform(s):	VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
VMware ESX Server 3.5.0 is installed AND Patch ESX350-201006401-SG is not installed

Definition Id: oval:org.mitre.oval:def:9142

Oval ID:	oval:org.mitre.oval:def:9142
Title:	The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
Description:	The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2698	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section kernel-BOOT is earlier than 0:2.4.21-60.EL AND kernel-unsupported is earlier than 0:2.4.21-60.EL AND kernel-smp-unsupported is earlier than 0:2.4.21-60.EL AND kernel-hugemem-unsupported is earlier than 0:2.4.21-60.EL AND kernel-hugemem is earlier than 0:2.4.21-60.EL AND kernel is earlier than 0:2.4.21-60.EL AND kernel-source is earlier than 0:2.4.21-60.EL AND kernel-doc is earlier than 0:2.4.21-60.EL AND kernel-smp is earlier than 0:2.4.21-60.EL OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section kernel-xenU is earlier than 0:2.6.9-89.0.9.EL AND kernel-hugemem is earlier than 0:2.6.9-89.0.9.EL AND kernel-hugemem-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-xenU-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-smp-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-largesmp-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel is earlier than 0:2.6.9-89.0.9.EL AND kernel-devel is earlier than 0:2.6.9-89.0.9.EL AND kernel-doc is earlier than 0:2.6.9-89.0.9.EL AND kernel-largesmp is earlier than 0:2.6.9-89.0.9.EL AND kernel-smp is earlier than 0:2.6.9-89.0.9.EL OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kernel-kdump is earlier than 0:2.6.18-128.7.1.el5 AND kernel-debug is earlier than 0:2.6.18-128.7.1.el5 AND kernel-xen is earlier than 0:2.6.18-128.7.1.el5 AND kernel-headers is earlier than 0:2.6.18-128.7.1.el5 AND kernel-kdump-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-xen-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-PAE-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-PAE is earlier than 0:2.6.18-128.7.1.el5 AND kernel-debug-devel is earlier than 0:2.6.18-128.7.1.el5 AND kernel-doc is earlier than 0:2.6.18-128.7.1.el5

Definition Id: oval:org.mitre.oval:def:8557

Oval ID:	oval:org.mitre.oval:def:8557
Title:	VMware kernel udp_sendmsg function vulnerability
Description:	The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2698	Version:	2
Platform(s):	VMWare ESX Server 4	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-200911201-UG is not installed

Definition Id: oval:org.mitre.oval:def:11514

Oval ID:	oval:org.mitre.oval:def:11514
Title:	Service Console update for COS kernel
Description:	The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2698	Version:	3
Platform(s):	VMWare ESX Server 3.5	Product(s):
Definition Synopsis:
VMware ESX Server 3.5.0 is installed AND Patch ESX350-201006401-SG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Linux Kernel cpe:/a:linux:kernel:2.6.25.15 cpe:/a:linux:kernel:2.6.24.7	2
Os	Linux Linux Kernel cpe:/o:linux:linux_kernel:2.6.30.4 cpe:/o:linux:linux_kernel:2.6.30.2 cpe:/o:linux:linux_kernel:2.6.30.1 cpe:/o:linux:linux_kernel:2.6.30:rc3 cpe:/o:linux:linux_kernel:2.6.30:rc7-git6 cpe:/o:linux:linux_kernel:2.6.30 cpe:/o:linux:linux_kernel:2.6.30:rc2 cpe:/o:linux:linux_kernel:2.6.30:rc1 cpe:/o:linux:linux_kernel:2.6.30:rc5 cpe:/o:linux:linux_kernel:2.6.30:rc6 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.37.1 cpe:/o:linux:linux_kernel:2.4.37:-rc1 cpe:/o:linux:linux_kernel:2.4.36.8 cpe:/o:linux:linux_kernel:2.4.36.7 cpe:/o:linux:linux_kernel:2.4.36.6 cpe:/o:linux:linux_kernel:2.4.36.5 cpe:/o:linux:linux_kernel:2.4.36.4 cpe:/o:linux:linux_kernel:2.4.36.3 cpe:/o:linux:linux_kernel:2.4.36.2 cpe:/o:linux:linux_kernel:2.4.36.1 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.4.35.3 cpe:/o:linux:linux_kernel:2.4.34 cpe:/o:linux:linux_kernel:2.4.33.7 cpe:/o:linux:linux_kernel:2.4.33.5 cpe:/o:linux:linux_kernel:2.4.33.4 cpe:/o:linux:linux_kernel:2.4.33.3 cpe:/o:linux:linux_kernel:2.4.33.2 cpe:/o:linux:linux_kernel:2.4.33:p-re1 cpe:/o:linux:linux_kernel:2.4.33 cpe:/o:linux:linux_kernel:2.4.32:-pre1 cpe:/o:linux:linux_kernel:2.4.32 cpe:/o:linux:linux_kernel:2.4.32:-pre2 cpe:/o:linux:linux_kernel:2.4.31:-pre1 cpe:/o:linux:linux_kernel:2.4.30 cpe:/o:linux:linux_kernel:2.4.30:rc2 cpe:/o:linux:linux_kernel:2.4.30:rc3 cpe:/o:linux:linux_kernel:2.4.29:-rc2 cpe:/o:linux:linux_kernel:2.4.29 cpe:/o:linux:linux_kernel:2.4.29:-rc1 cpe:/o:linux:linux_kernel:2.4.28 cpe:/o:linux:linux_kernel:2.4.27::-pre2 cpe:/o:linux:linux_kernel:2.4.27::-pre1 cpe:/o:linux:linux_kernel:2.4.27 cpe:/o:linux:linux_kernel:2.4.27::-pre5 cpe:/o:linux:linux_kernel:2.4.27::-pre4 cpe:/o:linux:linux_kernel:2.4.27::-pre3 cpe:/o:linux:linux_kernel:2.4.26 cpe:/o:linux:linux_kernel:2.4.25 cpe:/o:linux:linux_kernel:2.4.24::-ow1 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.4.23::-ow2 cpe:/o:linux:linux_kernel:2.4.23::-pre9 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4.21::-pre7 cpe:/o:linux:linux_kernel:2.4.21::-pre4 cpe:/o:linux:linux_kernel:2.4.21::-pre1 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.19::-pre3 cpe:/o:linux:linux_kernel:2.4.19::-pre4 cpe:/o:linux:linux_kernel:2.4.19::-pre5 cpe:/o:linux:linux_kernel:2.4.19::-pre1 cpe:/o:linux:linux_kernel:2.4.19::-pre6 cpe:/o:linux:linux_kernel:2.4.19::-pre2 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.4.18::pre-3 cpe:/o:linux:linux_kernel:2.4.18::pre-7 cpe:/o:linux:linux_kernel:2.4.18::pre-2 cpe:/o:linux:linux_kernel:2.4.18::pre-8 cpe:/o:linux:linux_kernel:2.4.18::x86 cpe:/o:linux:linux_kernel:2.4.18::pre-5 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.18::pre-1 cpe:/o:linux:linux_kernel:2.4.18::pre-6 cpe:/o:linux:linux_kernel:2.4.18::pre-4 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.10	223

ExploitDB Exploits

id	Description
2009-09-02	Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit
2009-09-02	Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)
2009-08-31	Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit
2009-08-24	Linux Kernel 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver)
2009-08-18	Linux Kernel 2.x sock_sendpage() Local Root Exploit (Android Edition)

Open Source Vulnerability Database (OSVDB)

id	Description
57462	Linux Kernel net/ipv*/udp.c MSG_MORE Flag Local Privilege Escalation
56992	Linux Kernel Multiple Protocol proto_ops() Initialization NULL Dereference Lo...

Metasploit Database

id	Description
2009-08-13	Linux Kernel Sendpage Local Privilege Escalation

Type	Count
Oval ID(s)	6
CPE ID(s)	225
osvdb(s)	2
ExploitDB Exploit(s)	5
Metasploit Exploit(s)	1

Related	Severity
CVE-2009-2698	(High)
CVE-2009-2692	(High)

Same Subject	Severity
Login to view 16 more Alert(s)

RHSA-2009:1223

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

ExploitDB Exploits

Open Source Vulnerability Database (OSVDB)

Metasploit Database

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU