National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-1185)

National Cyber-Alert System

Vulnerability Summary for CVE-2009-1185

Original release date:04/17/2009

Last revised:06/08/2009

Source: US-CERT/NIST

Overview

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.2 (HIGH) (AV:L/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 3.9

CVSS Version 2 Metrics:

Access Vector: Locally exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statments (disclaimer)

Official Statement from Red Hat (04/20/2009): This issue has been fixed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2009-0427.html . udev packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw, as they do not use netlink sockets for communication. udev is not shipped in Red Hat Enterprise Linux 2.1 and 3.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 34536

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/34536

External Source: DEBIAN

Name: DSA-1772

Type: Patch Information

Hyperlink:http://www.debian.org/security/2009/dsa-1772

External Source: FEDORA

Name: FEDORA-2009-3711

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html

External Source: FEDORA

Name: FEDORA-2009-3712

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html

External Source: MISC

Name: https://launchpad.net/bugs/cve/2009-1185

Hyperlink:https://launchpad.net/bugs/cve/2009-1185

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=495051

Type: Advisory

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=495051

External Source: VUPEN

Name: ADV-2009-1865

Hyperlink:http://www.vupen.com/english/advisories/2009/1865

External Source: VUPEN

Name: ADV-2009-1053

Hyperlink:http://www.vupen.com/english/advisories/2009/1053

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2009-0009.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2009-0009.html

External Source: UBUNTU

Name: USN-758-1

Hyperlink:http://www.ubuntu.com/usn/usn-758-1

External Source: SECTRACK

Name: 1022067

Hyperlink:http://www.securitytracker.com/id?1022067

External Source: BUGTRAQ

Name: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/504849/100/0/threaded

External Source: BUGTRAQ

Name: 20090417 rPSA-2009-0063-1 udev

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/502752/100/0/threaded

External Source: REDHAT

Name: RHSA-2009:0427

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0427.html

External Source: MILW0RM

Name: 8572

Hyperlink:http://www.milw0rm.com/exploits/8572

External Source: MANDRIVA

Name: MDVSA-2009:104

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:104

External Source: MANDRIVA

Name: MDVSA-2009:103

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:103

External Source: GENTOO

Name: GLSA-200904-18

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml

External Source: MISC

Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063

Hyperlink:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063

External Source: CONFIRM

Name: http://wiki.rpath.com/Advisories:rPSA-2009-0063

Hyperlink:http://wiki.rpath.com/Advisories:rPSA-2009-0063

External Source: SLACKWARE

Name: SSA:2009-111-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399

External Source: SECUNIA

Name: 35766

Hyperlink:http://secunia.com/advisories/35766

External Source: SECUNIA

Name: 34801

Hyperlink:http://secunia.com/advisories/34801

External Source: SECUNIA

Name: 34787

Hyperlink:http://secunia.com/advisories/34787

External Source: SECUNIA

Name: 34785

Hyperlink:http://secunia.com/advisories/34785

External Source: SECUNIA

Name: 34776

Hyperlink:http://secunia.com/advisories/34776

External Source: SECUNIA

Name: 34771

Hyperlink:http://secunia.com/advisories/34771

External Source: SECUNIA

Name: 34753

Type: Advisory

Hyperlink:http://secunia.com/advisories/34753

External Source: SECUNIA

Name: 34750

Type: Advisory

Hyperlink:http://secunia.com/advisories/34750

External Source: SECUNIA

Name: 34731

Type: Advisory

Hyperlink:http://secunia.com/advisories/34731

External Source: MLIST

Name: [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl

Hyperlink:http://lists.vmware.com/pipermail/security-announce/2009/000060.html

External Source: SUSE

Name: SUSE-SA:2009:025

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html

External Source: SUSE

Name: SUSE-SA:2009:020

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e86a923d508c2aed371cdd958ce82489cf2ab615

Type: Advisory

Hyperlink:http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e86a923d508c2aed371cdd958ce82489cf2ab615

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e2b362d9f23d4c63018709ab5f81a02f72b91e75

Type: Advisory

Hyperlink:http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e2b362d9f23d4c63018709ab5f81a02f72b91e75

Vulnerable software and versions

Configuration 1

* cpe:/a:kernel:udev:1.3.9

* cpe:/a:kernel:udev:1.3.8

* cpe:/a:kernel:udev:1.3.7

* cpe:/a:kernel:udev:1.3.6

* cpe:/a:kernel:udev:1.3.5

* cpe:/a:kernel:udev:1.3.4

* cpe:/a:kernel:udev:1.3.3

* cpe:/a:kernel:udev:1.3.2

* cpe:/a:kernel:udev:1.3.1

* cpe:/a:kernel:udev:1.3.0

* cpe:/a:kernel:udev:1.2.9

* cpe:/a:kernel:udev:1.2.8

* cpe:/a:kernel:udev:1.2.7

* cpe:/a:kernel:udev:1.2.6

* cpe:/a:kernel:udev:1.2.5

* cpe:/a:kernel:udev:1.2.4

* cpe:/a:kernel:udev:1.2.3

* cpe:/a:kernel:udev:1.2.2

* cpe:/a:kernel:udev:1.2.1

* cpe:/a:kernel:udev:1.2.0

* cpe:/a:kernel:udev:1.1.9

* cpe:/a:kernel:udev:1.1.8

* cpe:/a:kernel:udev:1.1.7

* cpe:/a:kernel:udev:1.1.6

* cpe:/a:kernel:udev:1.1.5

* cpe:/a:kernel:udev:1.1.4

* cpe:/a:kernel:udev:1.1.3

* cpe:/a:kernel:udev:1.1.2

* cpe:/a:kernel:udev:1.1.1

* cpe:/a:kernel:udev:1.1.0

* cpe:/a:kernel:udev:1.0.9

* cpe:/a:kernel:udev:1.0.8

* cpe:/a:kernel:udev:1.0.7

* cpe:/a:kernel:udev:1.0.6

* cpe:/a:kernel:udev:1.0.5

* cpe:/a:kernel:udev:1.0.4

* cpe:/a:kernel:udev:1.0.3

* cpe:/a:kernel:udev:1.0.2

* cpe:/a:kernel:udev:1.0.1

* cpe:/a:kernel:udev:1.0.0

* cpe:/a:kernel:udev:0.9.9

* cpe:/a:kernel:udev:0.9.8

* cpe:/a:kernel:udev:0.9.7

* cpe:/a:kernel:udev:0.9.6

* cpe:/a:kernel:udev:0.9.5

* cpe:/a:kernel:udev:0.9.4

* cpe:/a:kernel:udev:0.9.3

* cpe:/a:kernel:udev:0.9.2

* cpe:/a:kernel:udev:0.9.1

* cpe:/a:kernel:udev:0.9.0

* cpe:/a:kernel:udev:0.8.9

* cpe:/a:kernel:udev:0.8.8

* cpe:/a:kernel:udev:0.8.7

* cpe:/a:kernel:udev:0.8.6

* cpe:/a:kernel:udev:0.8.5

* cpe:/a:kernel:udev:0.8.4

* cpe:/a:kernel:udev:0.8.3

* cpe:/a:kernel:udev:0.8.2

* cpe:/a:kernel:udev:0.8.1

* cpe:/a:kernel:udev:0.8.0

* cpe:/a:kernel:udev:0.7.9

* cpe:/a:kernel:udev:0.7.8

* cpe:/a:kernel:udev:0.7.7

* cpe:/a:kernel:udev:0.7.6

* cpe:/a:kernel:udev:0.7.5

* cpe:/a:kernel:udev:0.7.4

* cpe:/a:kernel:udev:0.7.3

* cpe:/a:kernel:udev:0.7.2

* cpe:/a:kernel:udev:0.7.1

* cpe:/a:kernel:udev:0.7.0

* cpe:/a:kernel:udev:0.6.9

* cpe:/a:kernel:udev:0.6.8

* cpe:/a:kernel:udev:0.6.7

* cpe:/a:kernel:udev:0.6.6

* cpe:/a:kernel:udev:0.6.5

* cpe:/a:kernel:udev:0.6.4

* cpe:/a:kernel:udev:0.6.3

* cpe:/a:kernel:udev:0.6.2

* cpe:/a:kernel:udev:0.6.1

* cpe:/a:kernel:udev:0.6.0

* cpe:/a:kernel:udev:0.5.9

* cpe:/a:kernel:udev:0.5.8

* cpe:/a:kernel:udev:0.5.7

* cpe:/a:kernel:udev:0.5.6

* cpe:/a:kernel:udev:0.5.5

* cpe:/a:kernel:udev:0.5.4

* cpe:/a:kernel:udev:0.5.3

* cpe:/a:kernel:udev:0.5.2

* cpe:/a:kernel:udev:0.5.1

* cpe:/a:kernel:udev:0.5.0

* cpe:/a:kernel:udev:0.4.9

* cpe:/a:kernel:udev:0.4.8

* cpe:/a:kernel:udev:0.4.7

* cpe:/a:kernel:udev:0.4.6

* cpe:/a:kernel:udev:0.4.5

* cpe:/a:kernel:udev:0.4.4

* cpe:/a:kernel:udev:0.4.3

* cpe:/a:kernel:udev:0.4.2

* cpe:/a:kernel:udev:0.4.0

* cpe:/a:kernel:udev:0.3.9

* cpe:/a:kernel:udev:0.3.8

* cpe:/a:kernel:udev:0.3.7

* cpe:/a:kernel:udev:0.3.6

* cpe:/a:kernel:udev:0.3.5

* cpe:/a:kernel:udev:0.3.4

* cpe:/a:kernel:udev:0.3.3

* cpe:/a:kernel:udev:0.3.2

* cpe:/a:kernel:udev:0.3.1

* cpe:/a:kernel:udev:0.3.0

* cpe:/a:kernel:udev:0.2.9

* cpe:/a:kernel:udev:0.2.8

* cpe:/a:kernel:udev:0.2.7

* cpe:/a:kernel:udev:0.2.6

* cpe:/a:kernel:udev:0.2.5

* cpe:/a:kernel:udev:0.2.4

* cpe:/a:kernel:udev:0.2.3

* cpe:/a:kernel:udev:0.2.2

* cpe:/a:kernel:udev:0.2.1

* cpe:/a:kernel:udev:0.2.0

* cpe:/a:kernel:udev:0.1.9

* cpe:/a:kernel:udev:0.1.8

* cpe:/a:kernel:udev:0.1.7

* cpe:/a:kernel:udev:0.1.6

* cpe:/a:kernel:udev:0.1.5

* cpe:/a:kernel:udev:0.1.4

* cpe:/a:kernel:udev:0.1.3

* cpe:/a:kernel:udev:0.1.2

* cpe:/a:kernel:udev:0.1.1-1

* cpe:/a:kernel:udev:0.1.0-1

* cpe:/a:kernel:udev:0.0.9

* cpe:/a:kernel:udev:0.0.9-1

* cpe:/a:kernel:udev:0.0.8

* cpe:/a:kernel:udev:0.0.8-1

* cpe:/a:kernel:udev:0.0.7

* cpe:/a:kernel:udev:0.0.6

* cpe:/a:kernel:udev:0.0.5

* cpe:/a:kernel:udev:0.0.5-1

* cpe:/a:kernel:udev:0.0.4

* cpe:/a:kernel:udev:0.0.4-1

* cpe:/a:kernel:udev:0.0.3

* cpe:/a:kernel:udev:0.0.2

* cpe:/a:kernel:udev:0.0.1

* cpe:/a:kernel:udev:1.4.0 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Input Validation (CWE-20)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185