Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2009-1897
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-20 Jul, 2009 | 17:30
Updated At-13 Feb, 2023 | 02:20

The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30
cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.6.30.1
cpe:2.3:o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-09-02T00:00:00

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1897 The flaw only affects the Red Hat Enterprise Linux 5.4 beta kernel, which includes a backport of the upstream bug fix introducing this flaw (git commit 33dccbb0). This issue did not affect the final released Red Hat Enterprise Linux 5.4 kernel. It is also possible to mitigate this flaw by ensuring that the permissions for /dev/net/tun is restricted to root only. This issue does not affect any other released kernel in any Red Hat product.

References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0241.htmlsecalert@redhat.com
N/A
http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0246.htmlsecalert@redhat.com
N/A
http://article.gmane.org/gmane.linux.network/124939secalert@redhat.com
N/A
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c8a9c63d5fd738c261bd0ceece04d9c8357ca13secalert@redhat.com
N/A
http://grsecurity.net/~spender/cheddar_bay.tgzsecalert@redhat.com
Patch
http://isc.sans.org/diary.html?storyid=6820secalert@redhat.com
Exploit
http://lkml.org/lkml/2009/7/6/19secalert@redhat.com
Exploit
http://secunia.com/advisories/35839secalert@redhat.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2009/07/17/1secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/1925secalert@redhat.com
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=512284secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/51803secalert@redhat.com
N/A
https://www.redhat.com/en/blog/security-flaws-caused-compiler-optimizationssecalert@redhat.com
N/A
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0241.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0246.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://article.gmane.org/gmane.linux.network/124939
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c8a9c63d5fd738c261bd0ceece04d9c8357ca13
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://grsecurity.net/~spender/cheddar_bay.tgz
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://isc.sans.org/diary.html?storyid=6820
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://lkml.org/lkml/2009/7/6/19
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/35839
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2009/07/17/1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1925
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=512284
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/51803
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/en/blog/security-flaws-caused-compiler-optimizations
Source: secalert@redhat.com
Resource: N/A
Change History
0Changes found
Details not found