Lucene search

K
ubuntucve
Ubuntu.comUB:CVE-2009-3002
HistoryAug 28, 2009 - 12:00 a.m.

CVE-2009-3002

2009-08-2800:00:00
ubuntu.com
ubuntu.com
10

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

8.1%

The Linux kernel before 2.6.31-rc7 does not initialize certain data
structures within getname functions, which allows local users to read the
contents of some kernel memory locations by calling getsockname on (1) an
AF_APPLETALK socket, related to the atalk_getname function in
net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname
function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the
econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket,
related to the nr_getname function in net/netrom/af_netrom.c; (5) an
AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c;
or (6) a raw CAN socket, related to the raw_getname function in
net/can/raw.c.

OSVersionArchitecturePackageVersionFilename
ubuntu06.06noarchlinux-source-2.6.15< 2.6.15-55.80UNKNOWN
ubuntu08.04noarchlinux< 2.6.24-25.63UNKNOWN
ubuntu08.10noarchlinux< 2.6.27-15.43UNKNOWN
ubuntu09.04noarchlinux< 2.6.28-16.55UNKNOWN
How to protect your server from attacks?

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

8.1%

Related for UB:CVE-2009-3002