Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-2847
HistoryAug 18, 2009 - 12:00 a.m.

CVE-2009-2847

2009-08-1800:00:00
ubuntu.com
ubuntu.com
21

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

EPSS

0

Percentile

0.4%

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through
2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not
clear certain padding bytes from a structure, which allows local users to
obtain sensitive information from the kernel stack via the sigaltstack
function.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-25.63UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-15.43UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-16.55UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-55.80UNKNOWN

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

EPSS

0

Percentile

0.4%