CVE-2009-1897
Published Jul 20, 2009
Last updated 2 years ago
Overview
- Description
- The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Vendor comments
- Red HatRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1897 The flaw only affects the Red Hat Enterprise Linux 5.4 beta kernel, which includes a backport of the upstream bug fix introducing this flaw (git commit 33dccbb0). This issue did not affect the final released Red Hat Enterprise Linux 5.4 kernel. It is also possible to mitigate this flaw by ensuring that the permissions for /dev/net/tun is restricted to root only. This issue does not affect any other released kernel in any Red Hat product.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10E55450-F6D9-483C-9CC8-E651E5A12AB1"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45273823-29EA-44DE-8444-3933402C5793"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88F60E74-09DB-4D4A-B922-4A46EED0EC20"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E242D3DE-D1DC-406A-BCC3-C4380B7EC369"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06EFB3F7-2EAE-4A56-A9A1-E8C734E6B91E"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8598D6E5-0C5C-4A31-841A-C12801DB7D91"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59800B0A-477B-42F8-A58A-5144F455AE01"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F166BF6B-BFB0-4206-BD59-179701572F1C"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99AC6D46-A0BF-4F1D-88BB-03BF74FDB84F"
}
],
"operator": "OR"
}
]
}
]