CVE-2009-1185

Опубликовано: 15 апр. 2009

Источник: redhat

CVSS2: 7.2

Описание

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Отчет

udev packages as shipped in Red Hat Enterprise Linux 4 are not affected by this flaw, as they do not use netlink sockets for communication. udev is not shipped in Red Hat Enterprise Linux 2.1 and 3.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-862

https://bugzilla.redhat.com/show_bug.cgi?id=495051udev: Uncheck origin of NETLINK messages

7.2 High

CVSS2

Связанные уязвимости

CVE-2009-1185

ubuntu

около 16 лет назад

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

CVE-2009-1185

nvd

около 16 лет назад

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

CVE-2009-1185

debian

около 16 лет назад

udev before 1.4.1 does not verify whether a NETLINK message originates ...

GHSA-3cx7-86h6-xwmp

github

около 3 лет назад

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

ELSA-2009-0427

oracle-oval

около 16 лет назад

ELSA-2009-0427: udev security update (IMPORTANT)

7.2 High

CVSS2