CVE-2009-1184

2009-05-0520:30:00

CWE-16

[email protected]

web.nvd.nist.gov

cve-2009-1184

selinux

linux kernel

network restrictions

security vulnerability

nvd

5.9 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

9.3%

JSON

The selinux_ip_postroute_iptables_compat function in security/selinux/hooks.c in the SELinux subsystem in the Linux kernel before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is enabled, omits calls to avc_has_perm for the (1) node and (2) port, which allows local users to bypass intended restrictions on network traffic. NOTE: this was incorrectly reported as an issue fixed in 2.6.27.21.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.27.12
linux:linux_kernellinux linux kerneleq2.6.20.6
linux:linux_kernellinux linux kerneleq2.6.25.4
linux:linux_kernellinux linux kerneleq2.6.25.11
linux:linux_kernellinux linux kerneleq2.6.28
linux:linux_kernellinux linux kerneleq2.6.20.9
linux:linux_kernellinux linux kerneleq2.6.26
linux:linux_kernellinux linux kerneleq2.6.18
linux:linux_kernellinux linux kerneleq2.6.11
linux:linux_kernellinux linux kerneleq2.6.25.9

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.27.12
linux:linux_kernel	linux linux kernel	eq	2.6.20.6
linux:linux_kernel	linux linux kernel	eq	2.6.25.4
linux:linux_kernel	linux linux kernel	eq	2.6.25.11
linux:linux_kernel	linux linux kernel	eq	2.6.28
linux:linux_kernel	linux linux kernel	eq	2.6.20.9
linux:linux_kernel	linux linux kernel	eq	2.6.26
linux:linux_kernel	linux linux kernel	eq	2.6.18
linux:linux_kernel	linux linux kernel	eq	2.6.11
linux:linux_kernel	linux linux kernel	eq	2.6.25.9