Lucene search

Veracode Vulnerability DatabaseVERACODE:23778

HistoryApr 10, 2020 - 12:36 a.m.

Privilege Escalation

2020-04-1000:36:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

kernel is vulnerable to privilege escalation. The SOCKOPS_WRAP macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges.

CPENameOperatorVersion
kernel-rteq2.6.24.7__111.el5rt
kernel-rteq2.6.24.7__81.el5rt
kernel-rteq2.6.24.7__117.el5rt
kernel-rteq2.6.24.7__101.el5rt
kernel-rteq2.6.24.7__108.el5rt
kernel-rteq2.6.24.7__93.el5rt
kernel-rteq2.6.24.7__126.el5rt
kernel-rteq2.6.24.7__74.el5rt
kerneleq2.6.18__8.1.14.el5
kerneleq2.6.18__92.1.17.el5

Name	Operator	Version
kernel-rt	eq	2.6.24.7__111.el5rt
kernel-rt	eq	2.6.24.7__81.el5rt
kernel-rt	eq	2.6.24.7__117.el5rt
kernel-rt	eq	2.6.24.7__101.el5rt
kernel-rt	eq	2.6.24.7__108.el5rt
kernel-rt	eq	2.6.24.7__93.el5rt
kernel-rt	eq	2.6.24.7__126.el5rt
kernel-rt	eq	2.6.24.7__74.el5rt
kernel	eq	2.6.18__8.1.14.el5
kernel	eq	2.6.18__92.1.17.el5

Rows per page:

1-10 of 901

References

archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html

blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html

git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98

grsecurity.net/~spender/wunderbar_emporium.tgz

lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html

rhn.redhat.com/errata/RHSA-2009-1222.html

rhn.redhat.com/errata/RHSA-2009-1223.html

secunia.com/advisories/36278

secunia.com/advisories/36289

secunia.com/advisories/36327

secunia.com/advisories/36430

secunia.com/advisories/37298

secunia.com/advisories/37471

support.avaya.com/css/P8/documents/100067254

wiki.rpath.com/wiki/Advisories:rPSA-2009-0121

www.debian.org/security/2009/dsa-1865

www.exploit-db.com/exploits/19933

www.exploit-db.com/exploits/9477

www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6

www.mandriva.com/security/advisories?name=MDVSA-2009:233

www.openwall.com/lists/oss-security/2009/08/14/1

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2009-1233.html

www.securityfocus.com/archive/1/505751/100/0/threaded

www.securityfocus.com/archive/1/505912/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/archive/1/512019/100/0/threaded

www.securityfocus.com/bid/36038

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/2272

www.vupen.com/english/advisories/2009/3316

zenthought.org/content/file/android-root-2009-08-16-source

access.redhat.com/errata/RHSA-2009:1239

bugzilla.redhat.com/show_bug.cgi?id=516949

issues.rpath.com/browse/RPL-3103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Privilege Escalation

References

Related