#VU91218 Buffer overflow in Linux kernel - CVE-2009-0065

Cybersecurity Help s.r.o.

Published: 2009-01-07 | Updated: 2024-06-05

Vulnerability identifier: #VU91218

Vulnerability risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2009-0065

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to memory corruption within the sctp_sf_eat_fwd_tsn() and sctp_sf_eat_fwd_tsn_fast() functions in net/sctp/sm_statefuns.c. A remote non-authenticated attacker can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
https://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
https://patchwork.ozlabs.org/patch/15024/
https://rhn.redhat.com/errata/RHSA-2009-0264.html
https://secunia.com/advisories/33674
https://secunia.com/advisories/33854
https://secunia.com/advisories/33858
https://secunia.com/advisories/34252
https://secunia.com/advisories/34394
https://secunia.com/advisories/34680
https://secunia.com/advisories/34762
https://secunia.com/advisories/34981
https://secunia.com/advisories/35011
https://secunia.com/advisories/35174
https://secunia.com/advisories/35390
https://secunia.com/advisories/35394
https://secunia.com/advisories/36191
https://support.avaya.com/elmodocs2/security/ASA-2009-114.htm
https://www.debian.org/security/2009/dsa-1749
https://www.debian.org/security/2009/dsa-1787
https://www.debian.org/security/2009/dsa-1794
https://www.openwall.com/lists/oss-security/2009/01/05/1
https://www.redhat.com/support/errata/RHSA-2009-0053.html
https://www.redhat.com/support/errata/RHSA-2009-0331.html
https://www.redhat.com/support/errata/RHSA-2009-1055.html
https://www.securityfocus.com/bid/33113
https://www.securitytracker.com/id?1022698
https://www.ubuntu.com/usn/usn-751-1
https://www.vupen.com/english/advisories/2009/0029
https://www.vupen.com/english/advisories/2009/2193
https://bugzilla.redhat.com/show_bug.cgi?id=478800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10872
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Buffer overflow in Linux kernel sctp