Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-3612

Опубликовано: 08 окт. 2009
Источник: redhat
CVSS2: 2.1

Описание

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

Отчет

This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about the Errata Support Policy, visit: https://access.redhat.com/support/policy/updates/errata/

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=528868kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-3612

ubuntu
больше 15 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

nvd логотип

CVE-2009-3612

nvd
больше 15 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

debian логотип

CVE-2009-3612

debian
больше 15 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsy ...

github логотип

GHSA-vr55-mp4p-wfh2

github
около 3 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

oracle-oval логотип

ELSA-2009-1670

oracle-oval
больше 15 лет назад

ELSA-2009-1670: kernel security and bug fix update (IMPORTANT)

2.1 Low

CVSS2