SB2009081404 - Use of uninitialized resource in Linux kernel
Published: August 14, 2009 Updated: August 10, 2024
Security Bulletin ID
SB2009081404
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2009-2692)
The vulnerability allows a local user to execute arbitrary code.
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Remediation
Install update from vendor's website.
References
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
- http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
- http://www.securityfocus.com/bid/36038
- http://grsecurity.net/~spender/wunderbar_emporium.tgz
- http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
- http://secunia.com/advisories/36327
- http://www.vupen.com/english/advisories/2009/2272
- http://www.debian.org/security/2009/dsa-1865
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
- http://secunia.com/advisories/36289
- https://issues.rpath.com/browse/RPL-3103
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
- http://zenthought.org/content/file/android-root-2009-08-16-source
- http://secunia.com/advisories/36430
- http://rhn.redhat.com/errata/RHSA-2009-1223.html
- http://rhn.redhat.com/errata/RHSA-2009-1222.html
- https://bugzilla.redhat.com/show_bug.cgi?id=516949
- http://secunia.com/advisories/36278
- http://www.openwall.com/lists/oss-security/2009/08/14/1
- http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
- http://www.redhat.com/support/errata/RHSA-2009-1233.html
- http://support.avaya.com/css/P8/documents/100067254
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/3316
- http://secunia.com/advisories/37471
- http://secunia.com/advisories/37298
- http://www.exploit-db.com/exploits/19933
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
- http://www.exploit-db.com/exploits/9477
- http://www.securityfocus.com/archive/1/512019/100/0/threaded
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/archive/1/505912/100/0/threaded
- http://www.securityfocus.com/archive/1/505751/100/0/threaded
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3