Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-2692

Опубликовано: 14 авг. 2009
Источник: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS Средний

Описание

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 2.4.4 (включая) до 2.4.37.5 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 2.6.0 (включая) до 2.6.30.5 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:suse:linux_enterprise_real_time:10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.18141
Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-908

Связанные уязвимости

ubuntu логотип

CVE-2009-2692

CVSS3: 7.8
ubuntu
почти 16 лет назад

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

redhat логотип

CVE-2009-2692

redhat
почти 16 лет назад

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

debian логотип

CVE-2009-2692

CVSS3: 7.8
debian
почти 16 лет назад

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, d ...

github логотип

GHSA-j86m-g62r-5g7r

CVSS3: 7.8
github
около 3 лет назад

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

oracle-oval логотип

ELSA-2009-1222

oracle-oval
почти 16 лет назад

ELSA-2009-1222: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 95%
0.18141
Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-908