#VU94171 Input validation error in Linux kernel - CVE-2009-0834

Cybersecurity Help s.r.o.

Published: 2009-03-06 | Updated: 2020-08-26

Vulnerability identifier: #VU94171

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2009-0834

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improper input validation within the send_sigtrap() function in arch/x86/kernel/ptrace.c. A local user can read and manipulate data.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccbe495caa5e604b04d5a31d7459a6f6a76a756c
https://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
https://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
https://marc.info/?l=linux-kernel&m=123579056530191&w=2
https://marc.info/?l=linux-kernel&m=123579065130246&w=2
https://marc.info/?l=oss-security&m=123597642832637&w=2
https://rhn.redhat.com/errata/RHSA-2009-0459.html
https://rhn.redhat.com/errata/RHSA-2009-0473.html
https://scary.beasts.org/security/CESA-2009-001.html
https://secunia.com/advisories/34084
https://secunia.com/advisories/34917
https://secunia.com/advisories/34962
https://secunia.com/advisories/34981
https://secunia.com/advisories/35011
https://secunia.com/advisories/35015
https://secunia.com/advisories/35120
https://secunia.com/advisories/35121
https://secunia.com/advisories/35185
https://secunia.com/advisories/35390
https://secunia.com/advisories/35394
https://secunia.com/advisories/37471
https://wiki.rpath.com/Advisories:rPSA-2009-0084
https://www.debian.org/security/2009/dsa-1787
https://www.debian.org/security/2009/dsa-1794
https://www.debian.org/security/2009/dsa-1800
https://www.mandriva.com/security/advisories?name=MDVSA-2009:118
https://www.redhat.com/support/errata/RHSA-2009-0451.html
https://www.securityfocus.com/archive/1/503610/100/0/threaded
https://www.securityfocus.com/archive/1/507985/100/0/threaded
https://www.securityfocus.com/bid/33951
https://www.securitytracker.com/id?1022153
https://www.ubuntu.com/usn/usn-751-1
https://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=487990
https://exchange.xforce.ibmcloud.com/vulnerabilities/49061
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9600

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in Linux kernel x86 kernel