CVE-2009-3002

Published Aug 28, 2009

Last updated a year ago

Overview

Description: The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Vendor comments

Red HatCVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols. The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3). The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6).

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1BA972-91FE-417F-B0AD-D3067DA8C96F",
            "versionEndExcluding": "2.6.31"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2887290A-1B43-4DB9-A9D0-B0B56CD78E48"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29C4A364-ED36-4AC8-AD1E-8BD18DD9324D"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4049867A-E3B2-4DC1-8966-0477E6A5D582"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2507858-675B-4DA2-A49E-00DB54700CF3"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A25EA55-3F1C-440C-A383-0BB9556C9508"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2665356-4EF5-4543-AD15-67FDB851DCCD"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26E7609B-B058-496D-ACDD-7F69FBDE89E5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Vendor comments

Configurations

References