Lucene search

K

[email protected]NVD:CVE-2009-0029

HistoryJan 15, 2009 - 5:30 p.m.

CVE-2009-0029

2009-01-1517:30:00

CWE-20

[email protected]

web.nvd.nist.gov

5

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

4.8

Confidence

High

EPSS

0

Percentile

10.1%

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤2.6.28

Node

debiandebian_linuxMatch4.0

OR

debiandebian_linuxMatch5.0

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html

marc.info/?l=linux-kernel&m=123155111608910&w=2

secunia.com/advisories/33477

secunia.com/advisories/33674

secunia.com/advisories/34394

secunia.com/advisories/34981

secunia.com/advisories/35011

www.debian.org/security/2009/dsa-1749

www.debian.org/security/2009/dsa-1787

www.debian.org/security/2009/dsa-1794

www.mandriva.com/security/advisories?name=MDVSA-2009:135

www.securityfocus.com/bid/33275

bugzilla.redhat.com/show_bug.cgi?id=479969

www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

4.8

Confidence

High

EPSS

0

Percentile

10.1%

Related for NVD:CVE-2009-0029

prion1 cvelist1 ubuntucve1 cve1 seebug1 nessus9 openvas17 fedora2 suse1 debian3 ubuntu1 osv3 securityvulns1