Lucene search

K

[email protected]NVD:CVE-2009-3725

HistoryNov 06, 2009 - 3:30 p.m.

CVE-2009-3725

2009-11-0615:30:00

CWE-264

[email protected]

web.nvd.nist.gov

7

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0

Percentile

10.1%

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<2.6.31.5

Node

canonicalubuntu_linuxMatch6.06lts

OR

canonicalubuntu_linuxMatch8.04lts

OR

canonicalubuntu_linuxMatch8.10

OR

canonicalubuntu_linuxMatch9.04

OR

canonicalubuntu_linuxMatch9.10

References

marc.info/?l=linux-kernel&m=125449888416314&w=2

marc.info/?l=oss-security&m=125715484511380&w=2

marc.info/?l=oss-security&m=125716192622235&w=2

patchwork.kernel.org/patch/51382/

patchwork.kernel.org/patch/51383/

patchwork.kernel.org/patch/51384/

patchwork.kernel.org/patch/51387/

secunia.com/advisories/37113

secunia.com/advisories/38905

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5

www.securityfocus.com/bid/36834

www.ubuntu.com/usn/usn-864-1

xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0

Percentile

10.1%

Related for NVD:CVE-2009-3725

seebug1 osv2 prion2 cve2 nessus3 ubuntucve2 redhatcve2 debian2 cvelist2 openvas4 nvd1 ubuntu1