Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.4
CVE Id: CVE-2009-1883
Last Modified: 19 Mar 2012 12:00:00
Published: 18 Sep 2009 06:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-1883

Summary

The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=505983

UBUNTU - USN-852-1

REDHAT - RHSA-2009:1438

MLIST - [oss-security] 20090915 Re: CVE-2009-1883 kernel: missing capability check in z90crypt

MLIST - [oss-security] 20090915 CVE-2009-1883 kernel: missing capability check in z90crypt

SECUNIA - 37105

SECUNIA - 36759

SUSE - SUSE-SA:2010:013


Last Updated: 27 May 2016 10:49:34