CVE-2009-2692 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2009-2692?

CVE-2009-2692 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2692?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Suse Linux Enterprise Real Time, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.

Vulnerability Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.4.4, < 2.4.37.5
Debian	Debian Linux	4.0
Suse	Linux Enterprise Real Time	10
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux Eus	4.8
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Server Aus	5.3
Redhat	Enterprise Linux Workstation	4.0

Related Weaknesses (CWE)

CWE-908

References

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.htmlBroken LinkExploit
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.htmlExploitIssue Tracking
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=Broken Link
http://grsecurity.net/~spender/wunderbar_emporium.tgzBroken Link
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlMailing List
http://rhn.redhat.com/errata/RHSA-2009-1222.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-1223.htmlThird Party Advisory
http://secunia.com/advisories/36278Broken LinkVendor Advisory
http://secunia.com/advisories/36289Broken LinkVendor Advisory
http://secunia.com/advisories/36327Broken LinkVendor Advisory
http://secunia.com/advisories/36430Broken LinkVendor Advisory
http://secunia.com/advisories/37298Broken LinkVendor Advisory
http://secunia.com/advisories/37471Broken LinkVendor Advisory
http://support.avaya.com/css/P8/documents/100067254Third Party Advisory

FAQ

What is CVE-2009-2692?

CVE-2009-2692 is a vulnerability with a CVSS score of 7.8 (HIGH). The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL...

How severe is CVE-2009-2692?

CVE-2009-2692 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2692?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Suse Linux Enterprise Real Time, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.