Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-4138 | First vendor Publication | 2009-12-16 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 4.7 | Attack Range | Local |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4138 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:7376 | |||
| Oval ID: | oval:org.mitre.oval:def:7376 | ||
| Title: | Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability | ||
| Description: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4138 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9527 | |||
| Oval ID: | oval:org.mitre.oval:def:9527 | ||
| Title: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
| Description: | drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-4138 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
| 2011-08-09 | Name : CentOS Update for kernel CESA-2010:0046 centos5 i386 File : nvt/gb_CESA-2010_0046_kernel_centos5_i386.nasl |
| 2010-02-19 | Name : SuSE Update for kernel SUSE-SA:2010:012 File : nvt/gb_suse_2010_012.nasl |
| 2010-02-08 | Name : Ubuntu Update for Linux kernel vulnerabilities USN-894-1 File : nvt/gb_ubuntu_USN_894_1.nasl |
| 2010-01-20 | Name : RedHat Update for kernel RHSA-2010:0046-01 File : nvt/gb_RHSA-2010_0046-01_kernel.nasl |
| 2010-01-20 | Name : SuSE Update for kernel SUSE-SA:2010:005 File : nvt/gb_suse_2010_005.nasl |
| 2010-01-15 | Name : SuSE Update for kernel SUSE-SA:2010:001 File : nvt/gb_suse_2010_001.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 61309 | Linux Kernel drivers/firewire/ohci.c ISO Packet IOCTL Handling Local DoS |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2010-01-28 | IAVM : 2010-A-0015 - Multiple Vulnerabilities in Red Hat Linux Kernel Severity : Category I - VMSKEY : V0022631 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100109.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2005.nasl - Type : ACT_GATHER_INFO |
| 2010-02-16 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-100203.nasl - Type : ACT_GATHER_INFO |
| 2010-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-894-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0046.nasl - Type : ACT_GATHER_INFO |
| 2010-01-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kernel-100107.nasl - Type : ACT_GATHER_INFO |
| 2010-01-15 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-100108.nasl - Type : ACT_GATHER_INFO |
| 2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_kernel-091218.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:09:45 |
|
| 2024-11-28 12:20:19 |
|
| 2024-08-02 12:12:32 |
|
| 2024-08-02 01:03:24 |
|
| 2024-02-02 01:12:00 |
|
| 2024-02-01 12:03:21 |
|
| 2023-09-05 12:11:17 |
|
| 2023-09-05 01:03:12 |
|
| 2023-09-02 12:11:21 |
|
| 2023-09-02 01:03:14 |
|
| 2023-08-12 12:13:20 |
|
| 2023-08-12 01:03:13 |
|
| 2023-08-11 12:11:24 |
|
| 2023-08-11 01:03:21 |
|
| 2023-08-06 12:10:57 |
|
| 2023-08-06 01:03:15 |
|
| 2023-08-04 12:11:02 |
|
| 2023-08-04 01:03:17 |
|
| 2023-07-14 12:10:58 |
|
| 2023-07-14 01:03:15 |
|
| 2023-03-29 01:12:35 |
|
| 2023-03-28 12:03:21 |
|
| 2023-02-13 09:29:13 |
|
| 2022-10-11 12:09:47 |
|
| 2022-10-11 01:03:03 |
|
| 2022-03-11 01:08:11 |
|
| 2021-05-04 12:10:32 |
|
| 2021-04-22 01:11:00 |
|
| 2020-08-11 12:04:40 |
|
| 2020-08-08 01:04:42 |
|
| 2020-08-07 12:04:46 |
|
| 2020-08-01 12:04:44 |
|
| 2020-07-30 01:04:52 |
|
| 2020-05-23 01:41:09 |
|
| 2020-05-23 00:24:39 |
|
| 2019-01-25 12:02:56 |
|
| 2018-11-17 12:01:28 |
|
| 2018-10-30 12:03:08 |
|
| 2017-09-19 09:23:31 |
|
| 2016-08-05 12:02:17 |
|
| 2016-06-29 00:08:12 |
|
| 2016-06-28 17:54:47 |
|
| 2016-04-26 19:17:17 |
|
| 2016-03-09 13:25:54 |
|
| 2014-11-27 13:27:38 |
|
| 2014-02-17 10:52:31 |
|
| 2013-11-11 12:38:27 |
|
| 2013-05-11 00:01:44 |
|
