CVE-2009-0834

Published Mar 6, 2009

Last updated a year ago

Overview

Description: The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37C3A423-BCC9-4001-A976-8C8620DD22F4",
            "versionEndIncluding": "2.6.28.7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1CA1D49-76E7-4195-98AF-BE916040ECC3"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "941713DB-B1DE-4953-9A9C-174EAFDCB3E6"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73322DEE-27A6-4D18-88A3-ED7F9CAEABD5"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F87B994-28E4-4095-8770-6433DE9C93AB"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B5DCF29-6830-45FF-BC88-17E2249C653D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3BEE9CB-F0AF-44B1-B454-1AE2F04D7299"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References