CVE-2009-2903
Published Sep 15, 2009
Last updated 2 years ago
Overview
- Description
- Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 6.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-772
Vendor comments
- Red HatRed Hat is aware of this issue. Please see http://kbase.redhat.com/faq/docs/DOC-19077 This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5, as the affected driver is not enabled in these kernels. The affected driver is available in Red Hat Enterprise MRG. It is also available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed. Future kernel updates in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG will address this issue.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B3A0E29-6F2B-452D-8396-A3C52159F026",
"versionEndIncluding": "2.4.37.6",
"versionStartIncluding": "2.4.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58224BF0-332E-4C2D-84ED-F40B8A6EBA08",
"versionEndIncluding": "2.6.31",
"versionStartIncluding": "2.6.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E135846-8959-4D7E-A8E6-07F0EC15F010"
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E0623AA-88D4-4E53-AD50-C9AF8E0B0247"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3BEE9CB-F0AF-44B1-B454-1AE2F04D7299"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
}
],
"operator": "OR"
}
]
}
]