CVE-2009-2903 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2009-2903?

CVE-2009-2903 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2903?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit.

Vulnerability Description

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

CVSS Score

7.1

HIGH

AV:N/AC:M/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.4.0, <= 2.4.37.6
Suse	Linux Enterprise Debuginfo	10
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Server	9
Suse	Linux Enterprise Software Development Kit	10
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-772

References

http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/36707Third Party Advisory
http://secunia.com/advisories/37105Third Party Advisory
http://secunia.com/advisories/37909Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/09/14/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2009/09/14/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2009/09/17/11Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/36379Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-852-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=522331Issue TrackingThird Party Advisory

FAQ

What is CVE-2009-2903?

CVE-2009-2903 is a vulnerability with a CVSS score of 7.1 (HIGH). Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows...

How severe is CVE-2009-2903?

CVE-2009-2903 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2903?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit.