ID CVE-2009-2698
Summary The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.6
    cpe:2.3:o:linux:linux_kernel:2.6
  • Linux Kernel 2.6.0
    cpe:2.3:o:linux:linux_kernel:2.6.0
  • Linux Kernel 2.6.1
    cpe:2.3:o:linux:linux_kernel:2.6.1
  • Linux Kernel 2.6.10
    cpe:2.3:o:linux:linux_kernel:2.6.10
  • Linux Kernel 2.6.11
    cpe:2.3:o:linux:linux_kernel:2.6.11
  • Linux Kernel 2.6.11.1
    cpe:2.3:o:linux:linux_kernel:2.6.11.1
  • Linux Kernel 2.6.11.2
    cpe:2.3:o:linux:linux_kernel:2.6.11.2
  • Linux Kernel 2.6.11.3
    cpe:2.3:o:linux:linux_kernel:2.6.11.3
  • Linux Kernel 2.6.11.4
    cpe:2.3:o:linux:linux_kernel:2.6.11.4
  • Linux Kernel 2.6.11.5
    cpe:2.3:o:linux:linux_kernel:2.6.11.5
  • Linux Kernel 2.6.11.6
    cpe:2.3:o:linux:linux_kernel:2.6.11.6
  • Linux Kernel 2.6.11.7
    cpe:2.3:o:linux:linux_kernel:2.6.11.7
  • Linux Kernel 2.6.11.8
    cpe:2.3:o:linux:linux_kernel:2.6.11.8
  • Linux Kernel 2.6.11.9
    cpe:2.3:o:linux:linux_kernel:2.6.11.9
  • Linux Kernel 2.6.11.10
    cpe:2.3:o:linux:linux_kernel:2.6.11.10
  • Linux Kernel 2.6.11.11
    cpe:2.3:o:linux:linux_kernel:2.6.11.11
  • Linux Kernel 2.6.11.12
    cpe:2.3:o:linux:linux_kernel:2.6.11.12
  • Linux Kernel 2.6.12
    cpe:2.3:o:linux:linux_kernel:2.6.12
  • Linux Kernel 2.6.12.1
    cpe:2.3:o:linux:linux_kernel:2.6.12.1
  • Linux Kernel 2.6.12.2
    cpe:2.3:o:linux:linux_kernel:2.6.12.2
  • Linux Kernel 2.6.12.3
    cpe:2.3:o:linux:linux_kernel:2.6.12.3
  • Linux Kernel 2.6.12.4
    cpe:2.3:o:linux:linux_kernel:2.6.12.4
  • Linux Kernel 2.6.12.5
    cpe:2.3:o:linux:linux_kernel:2.6.12.5
  • Linux Kernel 2.6.12.6
    cpe:2.3:o:linux:linux_kernel:2.6.12.6
  • Linux Kernel 2.6.13
    cpe:2.3:o:linux:linux_kernel:2.6.13
  • Linux Kernel 2.6.13.1
    cpe:2.3:o:linux:linux_kernel:2.6.13.1
  • Linux Kernel 2.6.13.2
    cpe:2.3:o:linux:linux_kernel:2.6.13.2
  • Linux Kernel 2.6.13.3
    cpe:2.3:o:linux:linux_kernel:2.6.13.3
  • Linux Kernel 2.6.13.4
    cpe:2.3:o:linux:linux_kernel:2.6.13.4
  • Linux Kernel 2.6.13.5
    cpe:2.3:o:linux:linux_kernel:2.6.13.5
  • Linux Kernel 2.6.14
    cpe:2.3:o:linux:linux_kernel:2.6.14
  • Linux Kernel 2.6.14.1
    cpe:2.3:o:linux:linux_kernel:2.6.14.1
  • Linux Kernel 2.6.14.2
    cpe:2.3:o:linux:linux_kernel:2.6.14.2
  • Linux Kernel 2.6.14.3
    cpe:2.3:o:linux:linux_kernel:2.6.14.3
  • Linux Kernel 2.6.14.4
    cpe:2.3:o:linux:linux_kernel:2.6.14.4
  • Linux Kernel 2.6.14.5
    cpe:2.3:o:linux:linux_kernel:2.6.14.5
  • Linux Kernel 2.6.14.6
    cpe:2.3:o:linux:linux_kernel:2.6.14.6
  • Linux Kernel 2.6.14.7
    cpe:2.3:o:linux:linux_kernel:2.6.14.7
  • Linux Kernel 2.6.15
    cpe:2.3:o:linux:linux_kernel:2.6.15
  • Linux Kernel 2.6.15.1
    cpe:2.3:o:linux:linux_kernel:2.6.15.1
  • Linux Kernel 2.6.15.2
    cpe:2.3:o:linux:linux_kernel:2.6.15.2
  • Linux Kernel 2.6.15.3
    cpe:2.3:o:linux:linux_kernel:2.6.15.3
  • Linux Kernel 2.6.15.4
    cpe:2.3:o:linux:linux_kernel:2.6.15.4
  • Linux Kernel 2.6.15.5
    cpe:2.3:o:linux:linux_kernel:2.6.15.5
  • Linux Kernel 2.6.15.6
    cpe:2.3:o:linux:linux_kernel:2.6.15.6
  • Linux Kernel 2.6.15.7
    cpe:2.3:o:linux:linux_kernel:2.6.15.7
  • Linux Kernel 2.6.16
    cpe:2.3:o:linux:linux_kernel:2.6.16
  • Linux Kernel 2.6.16.1
    cpe:2.3:o:linux:linux_kernel:2.6.16.1
  • Linux Kernel 2.6.16.2
    cpe:2.3:o:linux:linux_kernel:2.6.16.2
  • Linux Kernel 2.6.16.3
    cpe:2.3:o:linux:linux_kernel:2.6.16.3
  • Linux Kernel 2.6.16.4
    cpe:2.3:o:linux:linux_kernel:2.6.16.4
  • Linux Kernel 2.6.16.5
    cpe:2.3:o:linux:linux_kernel:2.6.16.5
  • Linux Kernel 2.6.16.6
    cpe:2.3:o:linux:linux_kernel:2.6.16.6
  • Linux Kernel 2.6.16.7
    cpe:2.3:o:linux:linux_kernel:2.6.16.7
  • Linux Kernel 2.6.16.8
    cpe:2.3:o:linux:linux_kernel:2.6.16.8
  • Linux Kernel 2.6.16.9
    cpe:2.3:o:linux:linux_kernel:2.6.16.9
  • Linux Kernel 2.6.16.10
    cpe:2.3:o:linux:linux_kernel:2.6.16.10
  • Linux Kernel 2.6.16.11
    cpe:2.3:o:linux:linux_kernel:2.6.16.11
  • Linux Kernel 2.6.16.12
    cpe:2.3:o:linux:linux_kernel:2.6.16.12
  • Linux Kernel 2.6.16.13
    cpe:2.3:o:linux:linux_kernel:2.6.16.13
  • Linux Kernel 2.6.16.14
    cpe:2.3:o:linux:linux_kernel:2.6.16.14
  • Linux Kernel 2.6.16.15
    cpe:2.3:o:linux:linux_kernel:2.6.16.15
  • Linux Kernel 2.6.16.16
    cpe:2.3:o:linux:linux_kernel:2.6.16.16
  • Linux Kernel 2.6.16.17
    cpe:2.3:o:linux:linux_kernel:2.6.16.17
  • Linux Kernel 2.6.16.18
    cpe:2.3:o:linux:linux_kernel:2.6.16.18
  • Linux Kernel 2.6.16.19
    cpe:2.3:o:linux:linux_kernel:2.6.16.19
  • Linux Kernel 2.6.16.20
    cpe:2.3:o:linux:linux_kernel:2.6.16.20
  • Linux Kernel 2.6.16.21
    cpe:2.3:o:linux:linux_kernel:2.6.16.21
  • Linux Kernel 2.6.16.22
    cpe:2.3:o:linux:linux_kernel:2.6.16.22
  • Linux Kernel 2.6.16.23
    cpe:2.3:o:linux:linux_kernel:2.6.16.23
  • Linux Kernel 2.6.16.24
    cpe:2.3:o:linux:linux_kernel:2.6.16.24
  • Linux Kernel 2.6.16.25
    cpe:2.3:o:linux:linux_kernel:2.6.16.25
  • Linux Kernel 2.6.16.26
    cpe:2.3:o:linux:linux_kernel:2.6.16.26
  • Linux Kernel 2.6.16.27
    cpe:2.3:o:linux:linux_kernel:2.6.16.27
  • Linux Kernel 2.6.16.28
    cpe:2.3:o:linux:linux_kernel:2.6.16.28
  • Linux Kernel 2.6.16.29
    cpe:2.3:o:linux:linux_kernel:2.6.16.29
  • Linux Kernel 2.6.16.30
    cpe:2.3:o:linux:linux_kernel:2.6.16.30
  • Linux Kernel 2.6.16.31
    cpe:2.3:o:linux:linux_kernel:2.6.16.31
  • Linux Kernel 2.6.16.32
    cpe:2.3:o:linux:linux_kernel:2.6.16.32
  • Linux Kernel 2.6.16.33
    cpe:2.3:o:linux:linux_kernel:2.6.16.33
  • Linux Kernel 2.6.16.34
    cpe:2.3:o:linux:linux_kernel:2.6.16.34
  • Linux Kernel 2.6.16.35
    cpe:2.3:o:linux:linux_kernel:2.6.16.35
  • Linux Kernel 2.6.16.36
    cpe:2.3:o:linux:linux_kernel:2.6.16.36
  • Linux Kernel 2.6.16.37
    cpe:2.3:o:linux:linux_kernel:2.6.16.37
  • Linux Kernel 2.6.16.38
    cpe:2.3:o:linux:linux_kernel:2.6.16.38
  • Linux Kernel 2.6.16.39
    cpe:2.3:o:linux:linux_kernel:2.6.16.39
  • Linux Kernel 2.6.16.40
    cpe:2.3:o:linux:linux_kernel:2.6.16.40
  • Linux Kernel 2.6.16.41
    cpe:2.3:o:linux:linux_kernel:2.6.16.41
  • Linux Kernel 2.6.16.42
    cpe:2.3:o:linux:linux_kernel:2.6.16.42
  • Linux Kernel 2.6.16.43
    cpe:2.3:o:linux:linux_kernel:2.6.16.43
  • Linux Kernel 2.6.16.44
    cpe:2.3:o:linux:linux_kernel:2.6.16.44
  • Linux Kernel 2.6.16.45
    cpe:2.3:o:linux:linux_kernel:2.6.16.45
  • Linux Kernel 2.6.16.46
    cpe:2.3:o:linux:linux_kernel:2.6.16.46
  • Linux Kernel 2.6.16.47
    cpe:2.3:o:linux:linux_kernel:2.6.16.47
  • Linux Kernel 2.6.16.48
    cpe:2.3:o:linux:linux_kernel:2.6.16.48
  • Linux Kernel 2.6.16.49
    cpe:2.3:o:linux:linux_kernel:2.6.16.49
  • Linux Kernel 2.6.16.50
    cpe:2.3:o:linux:linux_kernel:2.6.16.50
  • Linux Kernel 2.6.16.51
    cpe:2.3:o:linux:linux_kernel:2.6.16.51
  • Linux Kernel 2.6.16.52
    cpe:2.3:o:linux:linux_kernel:2.6.16.52
  • Linux Kernel 2.6.16.53
    cpe:2.3:o:linux:linux_kernel:2.6.16.53
  • Linux Kernel 2.6.16.54
    cpe:2.3:o:linux:linux_kernel:2.6.16.54
  • Linux Kernel 2.16.55
    cpe:2.3:o:linux:linux_kernel:2.6.16.55
  • Linux Kernel 2.6.16.56
    cpe:2.3:o:linux:linux_kernel:2.6.16.56
  • Linux Kernel 2.6.16.57
    cpe:2.3:o:linux:linux_kernel:2.6.16.57
  • Linux Kernel 2.6.16.58
    cpe:2.3:o:linux:linux_kernel:2.6.16.58
  • Linux Kernel 2.6.16.59
    cpe:2.3:o:linux:linux_kernel:2.6.16.59
  • Linux Kernel 2.6.16.60
    cpe:2.3:o:linux:linux_kernel:2.6.16.60
  • Linux Kernel 2.6.16.61
    cpe:2.3:o:linux:linux_kernel:2.6.16.61
  • Linux Kernel 2.6.16.62
    cpe:2.3:o:linux:linux_kernel:2.6.16.62
  • Linux Kernel 2.6.17
    cpe:2.3:o:linux:linux_kernel:2.6.17
  • Linux Kernel 2.6.17.1
    cpe:2.3:o:linux:linux_kernel:2.6.17.1
  • Linux Kernel 2.6.17.2
    cpe:2.3:o:linux:linux_kernel:2.6.17.2
  • Linux Kernel 2.6.17.3
    cpe:2.3:o:linux:linux_kernel:2.6.17.3
  • Linux Kernel 2.6.17.4
    cpe:2.3:o:linux:linux_kernel:2.6.17.4
  • Linux Kernel 2.6.17.5
    cpe:2.3:o:linux:linux_kernel:2.6.17.5
  • Linux Kernel 2.6.17.6
    cpe:2.3:o:linux:linux_kernel:2.6.17.6
  • Linux Kernel 2.6.17.7
    cpe:2.3:o:linux:linux_kernel:2.6.17.7
  • Linux Kernel 2.6.17.8
    cpe:2.3:o:linux:linux_kernel:2.6.17.8
  • Linux Kernel 2.6.17.9
    cpe:2.3:o:linux:linux_kernel:2.6.17.9
  • Linux Kernel 2.6.17.10
    cpe:2.3:o:linux:linux_kernel:2.6.17.10
  • Linux Kernel 2.6.17.11
    cpe:2.3:o:linux:linux_kernel:2.6.17.11
  • Linux Kernel 2.6.17.12
    cpe:2.3:o:linux:linux_kernel:2.6.17.12
  • Linux Kernel 2.6.17.13
    cpe:2.3:o:linux:linux_kernel:2.6.17.13
  • Linux Kernel 2.6.17.14
    cpe:2.3:o:linux:linux_kernel:2.6.17.14
  • Linux Kernel 2.6.18
    cpe:2.3:o:linux:linux_kernel:2.6.18
  • Linux Kernel 2.6.18.1
    cpe:2.3:o:linux:linux_kernel:2.6.18.1
  • Linux Kernel 2.6.18.2
    cpe:2.3:o:linux:linux_kernel:2.6.18.2
  • Linux Kernel 2.6.18.3
    cpe:2.3:o:linux:linux_kernel:2.6.18.3
  • Linux Kernel 2.6.18.4
    cpe:2.3:o:linux:linux_kernel:2.6.18.4
  • Linux Kernel 2.6.18.5
    cpe:2.3:o:linux:linux_kernel:2.6.18.5
  • Linux Kernel 2.6.18.6
    cpe:2.3:o:linux:linux_kernel:2.6.18.6
  • Linux Kernel 2.6.18.7
    cpe:2.3:o:linux:linux_kernel:2.6.18.7
  • Linux Kernel 2.6.18.8
    cpe:2.3:o:linux:linux_kernel:2.6.18.8
CVSS
Base: 7.2 (as of 28-08-2009 - 08:18)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit. CVE-2009-2698. Local exploit for linux platform
    id EDB-ID:9575
    last seen 2016-02-01
    modified 2009-09-02
    published 2009-09-02
    reporter Andi
    source https://www.exploit-db.com/download/9575/
    title Linux Kernel < 2.6.19 - udp_sendmsg Local Root Exploit
  • description Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit. CVE-2009-2698. Local exploit for linux platform
    id EDB-ID:9542
    last seen 2016-02-01
    modified 2009-08-31
    published 2009-08-31
    reporter INetCop Security
    source https://www.exploit-db.com/download/9542/
    title Linux Kernel 2.6 < 2.6.19 - 32-bit ip_append_data ring0 Root Exploit
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12487.NASL
    description This update fixes a single critical security issue in the SUSE Linux Enterprise 9 kernel. - A missing check in the MSG_PROBE handling can be used to execute privileges to root. (CVE-2009-2698)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 41322
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41322
    title SuSE9 Security Update : Linux kernel (YOU Patch Number 12487)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2009-0016_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89117
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89117
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1469.NASL
    description Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63899
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63899
    title RHEL 4 : kernel (RHSA-2009:1469)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0010.NASL
    description a. Service Console update for COS kernel The service console package kernel is updated to version 2.4.21-63. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5029, CVE-2008-5300, CVE-2009-1337, CVE-2009-1385, CVE-2009-1895, CVE-2009-2848, CVE-2009-3002, and CVE-2009-3547 to the security issues fixed in kernel-2.4.21-63. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2698, CVE-2009-2692 to the security issues fixed in kernel-2.4.21-60.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 47150
    published 2010-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47150
    title VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernel
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2009-0016.NASL
    description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0. d. Service Console update for ntp Service Console package ntp updated to version ntp-4.2.2pl-9el5_3.2 The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. The Service Console present in ESX is affected by the following security issues. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the 'ntp' user. NTP authentication is not enabled by default on the Service Console. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue. e. Updated Service Console package kernel Updated Service Console package kernel addresses the security issues listed below. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778 to the security issues fixed in kernel 2.6.18-128.1.6. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337, CVE-2009-0787, CVE-2009-1336 to the security issues fixed in kernel 2.6.18-128.1.10. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072, CVE-2009-1630, CVE-2009-1192 to the security issues fixed in kernel 2.6.18-128.1.14. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the security issues fixed in kernel 2.6.18-128.4.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2692, CVE-2009-2698 to the security issues fixed in kernel 2.6.18-128.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues fixed in kernel 2.6.18-164. f. Updated Service Console package python Service Console package Python update to version 2.4.3-24.el5. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service. An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. g. Updated Service Console package bind Service Console package bind updated to version 9.3.6-4.P1.el5 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the 'ANY' record type. A remote attacker could use this flaw to send a specially crafted dynamic update packet that could cause named to exit with an assertion failure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0696 to this issue. h. Updated Service Console package libxml2 Service Console package libxml2 updated to version 2.6.26-2.1.2.8. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. Multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. A remote attacker could provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2414 and CVE-2009-2416 to these issues. i. Updated Service Console package curl Service Console package curl updated to version 7.15.5-2.1.el5_3.5 A cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse cURL into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2417 to this issue j. Updated Service Console package gnutls Service Console package gnutil updated to version 1.4.1-3.el5_3.5 A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-2730 to this issue
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 42870
    published 2009-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42870
    title VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1872.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2698 Herbert Xu discovered an issue in the way UDP tracks corking status that could allow local users to cause a denial of service (system crash). Tavis Ormandy and Julien Tinnes discovered that this issue could also be used by local users to gain elevated privileges. - CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture. Local users could exploit this issue to gain access to restricted memory. - CVE-2009-2847 Ulrich Drepper noticed an issue in the do_sigalstack routine on 64-bit systems. This issue allows local users to gain access to potentially sensitive memory on the kernel stack. - CVE-2009-2848 Eric Dumazet discovered an issue in the execve path, where the clear_child_tid variable was not being properly cleared. Local users could exploit this issue to cause a denial of service (memory corruption). - CVE-2009-2849 Neil Brown discovered an issue in the sysfs interface to md devices. When md arrays are not active, local users can exploit this vulnerability to cause a denial of service (oops).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44737
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44737
    title Debian DSA-1872-1 : linux-2.6 - denial of service/privilege escalation/information leak
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1222.NASL
    description Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. These updated packages also fix the following bug : * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running 'cman_tool kill -n [nodename]'. (BZ#515432) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40765
    published 2009-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40765
    title RHEL 5 : kernel (RHSA-2009:1222)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1457.NASL
    description Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in the Linux kernel. This driver allowed interfaces using this driver to receive frames larger than what could be handled. This could lead to a remote denial of service or code execution. (CVE-2009-1389, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * Tavis Ormandy and Julien Tinnes of the Google Security Team reported a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63896
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63896
    title RHEL 5 : kernel (RHSA-2009:1457)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6460.NASL
    description This update fixes a single critical security issues in the SUSE Linux Enterprise 10 SP 2 kernel. - A missing check in the MSG_PROBE handling can be used to execute privileges to root. (CVE-2009-2698)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 59139
    published 2012-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59139
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6460)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1223.NASL
    description Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40766
    published 2009-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40766
    title RHEL 4 : kernel (RHSA-2009:1223)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1223.NASL
    description From Red Hat Security Advisory 2009:1223 : Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67915
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67915
    title Oracle Linux 4 : kernel (ELSA-2009-1223)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090827_KERNEL_ON_SL3_X.NASL
    description CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc CVE-2009-2698 kernel: udp socket NULL ptr dereference These updated packages fix the following security issues : - a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) - a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60648
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60648
    title Scientific Linux Security Update : kernel on SL3.x i386/x86_64
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0023.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - backport for online resize of blockdev [orabug 8585251] [rh bugz 444964] - CVE-2009-2692 - [net] make sock_sendpage use kernel_sendpage (Jiri Pirko) [517445 516955] - CVE-2009-2698 - [net] prevent null pointer dereference in udp_sendmsg (Vitaly Mayatskikh) [518047 518043] - Updated cciss module to 3.6.20 - update bnx2x 1.48.107 - update bnx2 1.8.8b - update bfa to 1.1.0.9-0 [bugz 9518] - Fix dom0 crash in loopback_start_xmit+0x107/0x2BD [bug 7634343]
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79465
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79465
    title OracleVM 2.1 : kernel (OVMSA-2009-0023)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KERNEL-6453.NASL
    description This update fixes a single critical security issues in the SUSE Linux Enterprise 10 SP 2 kernel. - A missing check in the MSG_PROBE handling can be used to execute privileges to root. (CVE-2009-2698)
    last seen 2019-02-21
    modified 2013-11-29
    plugin id 41541
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41541
    title SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6453)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1222.NASL
    description From Red Hat Security Advisory 2009:1222 : Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. These updated packages also fix the following bug : * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running 'cman_tool kill -n [nodename]'. (BZ#515432) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67914
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67914
    title Oracle Linux 5 : kernel (ELSA-2009-1222)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1233.NASL
    description From Red Hat Security Advisory 2009:1233 : Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. All Red Hat Enterprise Linux 3 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67917
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67917
    title Oracle Linux 3 : kernel (ELSA-2009-1233)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090824_KERNEL_ON_SL5_X.NASL
    description CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc CVE-2009-2698 kernel: udp socket NULL ptr dereference These updated packages fix the following security issues : - a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) - a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) These updated packages also fix the following bug : - in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running 'cman_tool kill -n [nodename]'. (BZ#515432) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60646
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60646
    title Scientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1222.NASL
    description Updated kernel packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. These updated packages also fix the following bug : * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running 'cman_tool kill -n [nodename]'. (BZ#515432) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43777
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43777
    title CentOS 5 : kernel (CESA-2009:1222)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1233.NASL
    description Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. All Red Hat Enterprise Linux 3 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40808
    published 2009-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40808
    title CentOS 3 : kernel (CESA-2009:1233)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-852-1.NASL
    description Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-1883) Michael Buesch discovered that the SGI GRU driver did not correctly check the length when setting options. A local attacker could exploit this to write to the kernel stack, leading to root privilege escalation or a denial of service. Only affected Ubuntu 8.10 and 9.04. (CVE-2009-2584) It was discovered that SELinux did not fully implement the mmap_min_addr restrictions. A local attacker could exploit this to allocate the NULL memory page which could lead to further attacks against kernel NULL-dereference vulnerabilities. Ubuntu 6.06 was not affected. (CVE-2009-2695) Cagri Coltekin discovered that the UDP stack did not correctly handle certain flags. A local user could send specially crafted commands and traffic to gain root privileges or crash the systeam, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-2698) Hiroshi Shimamoto discovered that monotonic timers did not correctly validate parameters. A local user could make a specially crafted timer request to gain root privileges or crash the system, leading to a denial of service. Only affected Ubuntu 9.04. (CVE-2009-2767) Michael Buesch discovered that the HPPA ISA EEPROM driver did not correctly validate positions. A local user could make a specially crafted request to gain root privileges or crash the system, leading to a denial of service. (CVE-2009-2846) Ulrich Drepper discovered that kernel signal stacks were not being correctly padded on 64-bit systems. A local attacker could send specially crafted calls to expose 4 bytes of kernel stack memory, leading to a loss of privacy. (CVE-2009-2847) Jens Rosenboom discovered that the clone method did not correctly clear certain fields. A local attacker could exploit this to gain privileges or crash the system, leading to a denial of service. (CVE-2009-2848) It was discovered that the MD driver did not check certain sysfs files. A local attacker with write access to /sys could exploit this to cause a system crash, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-2849) Mark Smith discovered that the AppleTalk stack did not correctly manage memory. A remote attacker could send specially crafted traffic to cause the system to consume all available memory, leading to a denial of service. (CVE-2009-2903) Loic Minier discovered that eCryptfs did not correctly handle writing to certain deleted files. A local attacker could exploit this to gain root privileges or crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-2908) It was discovered that the LLC, AppleTalk, IR, EConet, Netrom, and ROSE network stacks did not correctly initialize their data structures. A local attacker could make specially crafted calls to read kernel memory, leading to a loss of privacy. (CVE-2009-3001, CVE-2009-3002) It was discovered that the randomization used for Address Space Layout Randomization was predictable within a small window of time. A local attacker could exploit this to leverage further attacks that require knowledge of userspace memory layouts. (CVE-2009-3238) Eric Paris discovered that NFSv4 did not correctly handle file creation failures. An attacker with write access to an NFSv4 share could exploit this to create files with arbitrary mode bits, leading to privilege escalation or a loss of privacy. (CVE-2009-3286) Bob Tracy discovered that the SCSI generic driver did not correctly use the right index for array access. A local attacker with write access to a CDR could exploit this to crash the system, leading to a denial of service. Only Ubuntu 9.04 was affected. (CVE-2009-3288) Jan Kiszka discovered that KVM did not correctly validate certain hypercalls. A local unprivileged attacker in a virtual guest could exploit this to crash the guest kernel, leading to a denial of service. Ubuntu 6.06 was not affected. (CVE-2009-3290). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 42209
    published 2009-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42209
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-852-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1233.NASL
    description Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. All Red Hat Enterprise Linux 3 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40795
    published 2009-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40795
    title RHEL 3 : kernel (RHSA-2009:1233)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1223.NASL
    description Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google Security Team for responsibly reporting these flaws. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40753
    published 2009-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40753
    title CentOS 4 : kernel (CESA-2009:1223)
oval via4
  • accepted 2010-08-23T04:00:08.160-04:00
    class vulnerability
    contributors
    name Chandan M C
    organization Hewlett-Packard
    definition_extensions
    comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
    description The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    family unix
    id oval:org.mitre.oval:def:11514
    status accepted
    submitted 2010-07-10T10:25:06.000-05:00
    title Service Console update for COS kernel
    version 5
  • accepted 2014-01-20T04:01:40.292-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    family unix
    id oval:org.mitre.oval:def:8557
    status accepted
    submitted 2010-03-19T16:57:59.000-04:00
    title VMware kernel udp_sendmsg function vulnerability
    version 7
  • accepted 2013-04-29T04:18:18.955-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    family unix
    id oval:org.mitre.oval:def:9142
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
    version 24
redhat via4
advisories
  • bugzilla
    id 518034
    title CVE-2009-2698 kernel: udp socket NULL ptr dereference
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222002
        • comment kernel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099003
      • AND
        • comment kernel-PAE is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222020
        • comment kernel-PAE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099019
      • AND
        • comment kernel-PAE-devel is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222022
        • comment kernel-PAE-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099017
      • AND
        • comment kernel-debug is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222012
        • comment kernel-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993007
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222014
        • comment kernel-debug-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070993013
      • AND
        • comment kernel-devel is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222010
        • comment kernel-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099011
      • AND
        • comment kernel-doc is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222024
        • comment kernel-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099021
      • AND
        • comment kernel-headers is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222004
        • comment kernel-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099005
      • AND
        • comment kernel-kdump is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222018
        • comment kernel-kdump is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099015
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222016
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099013
      • AND
        • comment kernel-xen is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222006
        • comment kernel-xen is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099007
      • AND
        • comment kernel-xen-devel is earlier than 0:2.6.18-128.7.1.el5
          oval oval:com.redhat.rhsa:tst:20091222008
        • comment kernel-xen-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070099009
    rhsa
    id RHSA-2009:1222
    released 2009-08-24
    severity Important
    title RHSA-2009:1222: kernel security and bug fix update (Important)
  • bugzilla
    id 518034
    title CVE-2009-2698 kernel: udp socket NULL ptr dereference
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223002
        • comment kernel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689003
      • AND
        • comment kernel-devel is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223004
        • comment kernel-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689005
      • AND
        • comment kernel-doc is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223022
        • comment kernel-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689019
      • AND
        • comment kernel-hugemem is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223020
        • comment kernel-hugemem is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689017
      • AND
        • comment kernel-hugemem-devel is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223018
        • comment kernel-hugemem-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689015
      • AND
        • comment kernel-largesmp is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223010
        • comment kernel-largesmp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689013
      • AND
        • comment kernel-largesmp-devel is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223008
        • comment kernel-largesmp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689009
      • AND
        • comment kernel-smp is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223016
        • comment kernel-smp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689011
      • AND
        • comment kernel-smp-devel is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223012
        • comment kernel-smp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689007
      • AND
        • comment kernel-xenU is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223006
        • comment kernel-xenU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488009
      • AND
        • comment kernel-xenU-devel is earlier than 0:2.6.9-89.0.9.EL
          oval oval:com.redhat.rhsa:tst:20091223014
        • comment kernel-xenU-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070488011
    rhsa
    id RHSA-2009:1223
    released 2009-08-24
    severity Important
    title RHSA-2009:1223: kernel security update (Important)
  • bugzilla
    id 518034
    title CVE-2009-2698 kernel: udp socket NULL ptr dereference
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment kernel is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233002
        • comment kernel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689003
      • AND
        • comment kernel-BOOT is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233014
        • comment kernel-BOOT is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060710015
      • AND
        • comment kernel-doc is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233012
        • comment kernel-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689019
      • AND
        • comment kernel-hugemem is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233016
        • comment kernel-hugemem is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689017
      • AND
        • comment kernel-hugemem-unsupported is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233018
        • comment kernel-hugemem-unsupported is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060710017
      • AND
        • comment kernel-smp is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233008
        • comment kernel-smp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060689011
      • AND
        • comment kernel-smp-unsupported is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233004
        • comment kernel-smp-unsupported is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060710011
      • AND
        • comment kernel-source is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233006
        • comment kernel-source is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060710007
      • AND
        • comment kernel-unsupported is earlier than 0:2.4.21-60.EL
          oval oval:com.redhat.rhsa:tst:20091233010
        • comment kernel-unsupported is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060710009
    rhsa
    id RHSA-2009:1233
    released 2009-08-27
    severity Important
    title RHSA-2009:1233: kernel security update (Important)
rpms
  • kernel-0:2.6.18-128.7.1.el5
  • kernel-PAE-0:2.6.18-128.7.1.el5
  • kernel-PAE-devel-0:2.6.18-128.7.1.el5
  • kernel-debug-0:2.6.18-128.7.1.el5
  • kernel-debug-devel-0:2.6.18-128.7.1.el5
  • kernel-devel-0:2.6.18-128.7.1.el5
  • kernel-doc-0:2.6.18-128.7.1.el5
  • kernel-headers-0:2.6.18-128.7.1.el5
  • kernel-kdump-0:2.6.18-128.7.1.el5
  • kernel-kdump-devel-0:2.6.18-128.7.1.el5
  • kernel-xen-0:2.6.18-128.7.1.el5
  • kernel-xen-devel-0:2.6.18-128.7.1.el5
  • kernel-0:2.6.9-89.0.9.EL
  • kernel-devel-0:2.6.9-89.0.9.EL
  • kernel-doc-0:2.6.9-89.0.9.EL
  • kernel-hugemem-0:2.6.9-89.0.9.EL
  • kernel-hugemem-devel-0:2.6.9-89.0.9.EL
  • kernel-largesmp-0:2.6.9-89.0.9.EL
  • kernel-largesmp-devel-0:2.6.9-89.0.9.EL
  • kernel-smp-0:2.6.9-89.0.9.EL
  • kernel-smp-devel-0:2.6.9-89.0.9.EL
  • kernel-xenU-0:2.6.9-89.0.9.EL
  • kernel-xenU-devel-0:2.6.9-89.0.9.EL
  • kernel-0:2.4.21-60.EL
  • kernel-BOOT-0:2.4.21-60.EL
  • kernel-doc-0:2.4.21-60.EL
  • kernel-hugemem-0:2.4.21-60.EL
  • kernel-hugemem-unsupported-0:2.4.21-60.EL
  • kernel-smp-0:2.4.21-60.EL
  • kernel-smp-unsupported-0:2.4.21-60.EL
  • kernel-source-0:2.4.21-60.EL
  • kernel-unsupported-0:2.4.21-60.EL
refmap via4
bid 36108
bugtraq
  • 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
  • 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
confirm
mandriva MDVSA-2011:051
mlist [oss-security] 20090825 CVE-2009-2698 kernel: udp socket NULL ptr dereference
sectrack 1022761
secunia
  • 23073
  • 36430
  • 36510
  • 37105
  • 37298
  • 37471
suse SUSE-SA:2009:046
ubuntu USN-852-1
vupen ADV-2009-3316
statements via4
contributor Tomas Hoger
lastmodified 2009-09-14
organization Red Hat
statement This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG. Updates for Red Hat Enterprise Linux 3, 4 and 5 to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2698.html
Last major update 19-03-2012 - 00:00
Published 27-08-2009 - 13:30
Last modified 10-10-2018 - 15:41
Back to Top