Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2009-2692
Last Modified: 22 Oct 2012 11:09:42
Published: 14 Aug 2009 11:16:27
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2009-2692

Summary

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.28

  • Linux Kernel 2.4.29

  • Linux Kernel 2.4.30

  • Linux Kernel 2.4.31

  • Linux Kernel 2.4.32

  • Linux Kernel 2.4.33

  • Linux Kernel 2.4.33.2

  • Linux Kernel 2.4.33.3

  • Linux Kernel 2.4.33.4

  • Linux Kernel 2.4.33.5

  • Linux Kernel 2.4.33.7

  • Linux Kernel 2.4.34

  • Linux Kernel 2.4.35.3

  • Linux Kernel 2.4.36

  • Linux Kernel 2.4.36.1

  • Linux Kernel 2.4.36.2

  • Linux Kernel 2.4.36.3

  • Linux Kernel 2.4.36.4

  • Linux Kernel 2.4.36.5

  • Linux Kernel 2.4.36.6

  • Linux Kernel 2.4.36.7

  • Linux Kernel 2.4.36.8

  • Linux Kernel 2.4.37

  • Linux Kernel 2.4.37.1

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Linux Kernel 2.6

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.10

  • Linux Kernel 2.6.11

  • Linux Kernel 2.6.11.1

  • Linux Kernel 2.6.11.10

  • Linux Kernel 2.6.11.11

  • Linux Kernel 2.6.11.12

  • Linux Kernel 2.6.11.2

  • Linux Kernel 2.6.11.3

  • Linux Kernel 2.6.11.4

  • Linux Kernel 2.6.11.5

  • Linux Kernel 2.6.11.6

  • Linux Kernel 2.6.11.7

  • Linux Kernel 2.6.11.8

  • Linux Kernel 2.6.11.9

  • Linux Kernel 2.6.12

  • Linux Kernel 2.6.12.1

  • Linux Kernel 2.6.12.2

  • Linux Kernel 2.6.12.3

  • Linux Kernel 2.6.12.4

  • Linux Kernel 2.6.12.5

  • Linux Kernel 2.6.12.6

  • Linux Kernel 2.6.13

  • Linux Kernel 2.6.13.1

  • Linux Kernel 2.6.13.2

  • Linux Kernel 2.6.13.3

  • Linux Kernel 2.6.13.4

  • Linux Kernel 2.6.13.5

  • Linux Kernel 2.6.14

  • Linux Kernel 2.6.14.1

  • Linux Kernel 2.6.14.2

  • Linux Kernel 2.6.14.3

  • Linux Kernel 2.6.14.4

  • Linux Kernel 2.6.14.5

  • Linux Kernel 2.6.14.6

  • Linux Kernel 2.6.14.7

  • Linux Kernel 2.6.15

  • Linux Kernel 2.6.15.1

  • Linux Kernel 2.6.15.2

  • Linux Kernel 2.6.15.3

  • Linux Kernel 2.6.15.4

  • Linux Kernel 2.6.15.5

  • Linux Kernel 2.6.15.6

  • Linux Kernel 2.6.15.7

  • Linux Kernel 2.6.16

  • Linux Kernel 2.6.16.1

  • Linux Kernel 2.6.16.10

  • Linux Kernel 2.6.16.11

  • Linux Kernel 2.6.16.12

  • Linux Kernel 2.6.16.13

  • Linux Kernel 2.6.16.14

  • Linux Kernel 2.6.16.15

  • Linux Kernel 2.6.16.16

  • Linux Kernel 2.6.16.17

  • Linux Kernel 2.6.16.18

  • Linux Kernel 2.6.16.19

  • Linux Kernel 2.6.16.2

  • Linux Kernel 2.6.16.20

  • Linux Kernel 2.6.16.21

  • Linux Kernel 2.6.16.22

  • Linux Kernel 2.6.16.23

  • Linux Kernel 2.6.16.24

  • Linux Kernel 2.6.16.25

  • Linux Kernel 2.6.16.26

  • Linux Kernel 2.6.16.27

  • Linux Kernel 2.6.16.28

  • Linux Kernel 2.6.30

  • Linux Kernel 2.6.30.1

  • Linux Kernel 2.6.30.2

  • Linux Kernel 2.6.30.4

Application

  • Linux Kernel 2.6.24.7

  • Linux Kernel 2.6.25.15


References

VUPEN - ADV-2009-2272

CONFIRM - https://issues.rpath.com/browse/RPL-3103

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=516949

MISC - http://zenthought.org/content/file/android-root-2009-08-16-source

VUPEN - ADV-2009-3316

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

BID - 36038

BUGTRAQ - 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20090818 rPSA-2009-0121-1 kernel open-vm-tools

BUGTRAQ - 20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations

REDHAT - RHSA-2009:1233

MLIST - [oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

CONFIRM - http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5

DEBIAN - DSA-1865

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121

CONFIRM - http://support.avaya.com/css/P8/documents/100067254

SECUNIA - 37471

SECUNIA - 37298

SECUNIA - 36430

SECUNIA - 36327

SECUNIA - 36289

SECUNIA - 36278

REDHAT - RHSA-2009:1223

REDHAT - RHSA-2009:1222

SUSE - SUSE-SR:2009:015

MISC - http://grsecurity.net/~spender/wunderbar_emporium.tgz

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3

MISC - http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html

EXPLOIT-DB - 19933

MANDRIVA - MDVSA-2009:233


Last Updated: 27 May 2016 10:49:34