CVE-2009-3612
Published Oct 19, 2009
Last updated a year ago
Overview
- Description
- The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Vendor comments
- Red HatRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-3612 This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. A future kernel update in Red Hat Enterprise Linux 4 will address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93F6511F-D405-456D-B7B4-3F73EABDFA77",
"versionEndIncluding": "2.4.37.6"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0289F2BE-8029-4F64-961F-07D0857861B1",
"versionEndExcluding": "2.6.32",
"versionStartIncluding": "2.6.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37B2E2B1-3E39-4DBA-817D-08F34D9F6E53"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C85D4E0A-14DA-4884-AF6F-A0F54304430F"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C8471AA-44D7-4D19-82B6-C4B999C65F97"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "218DE1D1-3843-4076-9AE4-70AA0FD99B3E"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2677114B-AF05-42EB-BBC8-FA85CD631C21"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "513797E6-FCE6-4E84-9B66-202541F9601E"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E496249-23A8-42FC-A109-634A54B5600F"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22A79A35-05DB-4B9F-AD3E-EA6F933CF10C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3BEE9CB-F0AF-44B1-B454-1AE2F04D7299"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DB8A616-865B-4E70-BA2E-BE5F0BA7A351"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12"
}
],
"operator": "OR"
}
]
}
]