Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-2692
HistoryAug 13, 2009 - 12:00 a.m.

CVE-2009-2692

2009-08-1300:00:00
ubuntu.com
ubuntu.com
33

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.1%

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does
not initialize all function pointers for socket operations in proto_ops
structures, which allows local users to trigger a NULL pointer dereference
and gain privileges by using mmap to map page zero, placing arbitrary code
on this page, and then invoking an unavailable operation, as demonstrated
by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-54.79UNKNOWN
ubuntu8.04noarchlinux< 2.6.24-24.59UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-14.39UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-15.49UNKNOWN

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.1%