1. CVE-Search
  2. CVE-2009-0838
ID CVE-2009-0838
Summary The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:opensolaris:snv_88:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_88:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_88:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_88:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_88:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_88:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_89:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_89:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_89:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_89:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_89:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_89:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_90:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_90:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_90:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_90:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_90:x86:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_90:x86:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_91:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_91:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_91:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_91:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_91:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_91:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_92:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_92:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_92:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_92:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_92:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_92:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_93:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_93:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_93:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_93:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_93:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_93:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_94:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_94:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_94:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_94:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_94:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_94:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_95:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_95:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_95:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_95:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_95:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_95:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_96:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_96:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_96:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_96:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_97:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_97:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_97:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_97:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_98:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_98:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_98:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_98:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_99:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_99:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_99:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_99:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_100:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_100:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_100:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_100:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_101:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_101:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_101:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_101:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_101b:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_101b:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_102:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_102:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:opensolaris:snv_102:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:snv_102:*:x86:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2009-04-20T04:00:16.154-04:00
class vulnerability
contributors
name Pai Peng
organization Hewlett-Packard
definition_extensions
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
family unix
id oval:org.mitre.oval:def:5641
status accepted
submitted 2009-03-10T13:09:16.000-04:00
title A Security Vulnerability With the Solaris Crypto Driver May Cause a System Panic
version 35
refmap via4
bid 34000
confirm
sectrack 1021810
secunia
  • 34149
  • 34455
sunalert 254088
vupen
  • ADV-2009-0606
  • ADV-2009-0815
xf sun-solaris-cryptodriver-dos(49105)
Last major update 30-10-2018 - 16:25
Published 06-03-2009 - 18:30
Last modified 30-10-2018 - 16:25
Back to Top