CVE-2009-2793

Published Sep 18, 2009

Last updated 6 years ago

CVSS info 4.6

Overview

Description: The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB5BE84-628A-4845-92C7-E20ADEE7E904",
            "versionEndIncluding": "5.0.1"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "555181C9-75B1-427B-BF36-47C7D969DCC5"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAC89BD6-8376-4C8D-A120-1430D8CA113F"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DF613C9-DC4A-45F0-BEE1-8450762B0089"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "441CEF2E-9687-4930-8536-B8B83018BD28"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55DD3C82-0B7D-4B25-B603-AD6C6D59239A"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC7A39CD-C4B2-4FD9-A450-E5C7A5480174"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CBA1B13-B378-4F13-BD13-EC58F15F5C81"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8C8CAB1-2D8C-4875-A795-41178D48410F"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D3C937A-E9D8-474A-ABEB-A927EF7CC5B0"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A8F8DE7-7A84-4350-A6D8-FCCB561D63B2"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "249FA642-3732-4654-88CB-3F1D19A5860A"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5071CA39-65B3-4AFB-8898-21819E57A084"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3C3F588-98DA-4F6F-A083-2B9EE534C561"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C2ED81B-8DA2-46D0-AE24-C61BF8E78AE9"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D18C95A3-15E3-41B8-AC28-ACEA57021E24"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CFC6B75-9057-4E58-A4D4-8AEC12AE62E4"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28BD9F91-2384-4557-9648-25FC00D04677"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9CABFAA-594C-45D7-A0C7-795872A0C68A"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F9432E9-AACA-4242-BDAB-8792ACF72C12"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29C02C6B-AAFD-4594-94A4-F26BA3648CB0"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57C533D7-771E-4E33-A4FE-764C0B73F920"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9875E709-11BA-4B8F-A2FC-26844DD4D563"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49AF042F-5047-4FA2-B20C-65B2C6EBEA5C"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00564BAA-066A-4627-B6A8-78724E55D363"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References