National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-1265)

National Cyber-Alert System

Vulnerability Summary for CVE-2009-1265

Original release date:04/08/2009

Last revised:06/23/2009

Source: US-CERT/NIST

Overview

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information

Vendor Statments (disclaimer)

Official Statement from Red Hat (06/17/2009): This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 4, 5, or Red Hat Enterprise MRG, as the affected driver is not enabled in these kernels. The affected driver is available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed. This issue has been rated as having moderate security impact as it does not lead to a denial of service or privilege escalation. As Red Hat Enterprise Linux 3 is now in Production 3 of its maintenance life-cycle, http://www.redhat.com/security/updates/errata, and the affected driver can only be enabled when using the unsupported kernel-unsupported package, a fix for this issue is not currently planned to be included in the future updates.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 34654

Hyperlink:http://www.securityfocus.com/bid/34654

External Source: MLIST

Name: [oss-security] 20090408 CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size

Hyperlink:http://www.openwall.com/lists/oss-security/2009/04/08/2

External Source: MANDRIVA

Name: MDVSA-2009:135

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:135

External Source: MANDRIVA

Name: MDVSA-2009:119

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:119

External Source: DEBIAN

Name: DSA-1800

Hyperlink:http://www.debian.org/security/2009/dsa-1800

External Source: DEBIAN

Name: DSA-1794

Hyperlink:http://www.debian.org/security/2009/dsa-1794

External Source: DEBIAN

Name: DSA-1787

Hyperlink:http://www.debian.org/security/2009/dsa-1787

External Source: SECUNIA

Name: 35394

Hyperlink:http://secunia.com/advisories/35394

External Source: SECUNIA

Name: 35390

Hyperlink:http://secunia.com/advisories/35390

External Source: SECUNIA

Name: 35387

Hyperlink:http://secunia.com/advisories/35387

External Source: SECUNIA

Name: 35185

Hyperlink:http://secunia.com/advisories/35185

External Source: SECUNIA

Name: 35121

Hyperlink:http://secunia.com/advisories/35121

External Source: SECUNIA

Name: 35011

Hyperlink:http://secunia.com/advisories/35011

External Source: SECUNIA

Name: 34981

Hyperlink:http://secunia.com/advisories/34981

External Source: OSVDB

Name: 53631

Hyperlink:http://osvdb.org/53631

External Source: OSVDB

Name: 53630

Hyperlink:http://osvdb.org/53630

External Source: OSVDB

Name: 53571

Hyperlink:http://osvdb.org/53571

External Source: SUSE

Name: SUSE-SA:2009:032

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html

External Source: SUSE

Name: SUSE-SA:2009:031

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

External Source: SUSE

Name: SUSE-SA:2009:030

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html

External Source: SUSE

Name: SUSE-SA:2009:028

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9

Hyperlink:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9

External Source: MISC

Name: http://bugzilla.kernel.org/show_bug.cgi?id=10423

Hyperlink:http://bugzilla.kernel.org/show_bug.cgi?id=10423

Vulnerable software and versions

Configuration 1

* cpe:/o:kernel:linux:2.6.24.2

* cpe:/o:kernel:linux:2.6.24.1

* cpe:/o:kernel:linux:2.6.24.4

* cpe:/o:kernel:linux:2.6.24.3

* cpe:/o:kernel:linux:2.6.24

* cpe:/o:kernel:linux:2.6.24.6

* cpe:/o:kernel:linux:2.6.24.5

* cpe:/o:kernel:linux:2.6.24.7

* cpe:/o:kernel:linux:2.6.25

* cpe:/o:kernel:linux:2.6.25.17

* cpe:/o:kernel:linux:2.6.25.14

* cpe:/o:kernel:linux:2.6.25.13

* cpe:/o:kernel:linux:2.6.25.1

* cpe:/o:kernel:linux:2.6.25.16

* cpe:/o:kernel:linux:2.6.25.15

* cpe:/o:kernel:linux:2.6.25.10

* cpe:/o:kernel:linux:2.6.25.12

* cpe:/o:kernel:linux:2.6.25.11

* cpe:/o:kernel:linux:2.6.25.18

* cpe:/o:kernel:linux:2.6.25.20

* cpe:/o:kernel:linux:2.6.25.19

* cpe:/o:kernel:linux:2.6.25.3

* cpe:/o:kernel:linux:2.6.25.4

* cpe:/o:kernel:linux:2.6.25.2

* cpe:/o:kernel:linux:2.6.25.6

* cpe:/o:kernel:linux:2.6.25.5

* cpe:/o:kernel:linux:2.6.25.8

* cpe:/o:kernel:linux:2.6.25.7

* cpe:/o:kernel:linux:2.6.25:rc8

* cpe:/o:kernel:linux:2.6.25:rc7

* cpe:/o:kernel:linux:2.6.25.9

* cpe:/o:kernel:linux:2.6.25:rc9

* cpe:/o:kernel:linux:2.6.26-rc8-mm1

* cpe:/o:kernel:linux:2.6.26-rc9-git5

* cpe:/o:kernel:linux:2.6.26

* cpe:/o:kernel:linux:2.6.26-rc9

* cpe:/o:kernel:linux:2.6.26.1

* cpe:/o:kernel:linux:2.6.26.4

* cpe:/o:kernel:linux:2.6.26.2

* cpe:/o:kernel:linux:2.6.26.3

* cpe:/o:kernel:linux:2.6.26.6

* cpe:/o:kernel:linux:2.6.26.5

* cpe:/o:kernel:linux:2.6.26:rc4

* cpe:/o:kernel:linux:2.6.26:rc5

* cpe:/o:kernel:linux:2.6.26:rc6

* cpe:/o:kernel:linux:2.6.26:rc7

* cpe:/o:kernel:linux:2.6.26:rc8

* cpe:/o:kernel:linux:2.6.26.8

* cpe:/o:kernel:linux:2.6.26:rc2

* cpe:/o:kernel:linux:2.6.26.7

* cpe:/o:kernel:linux:2.6.26:rc1

* cpe:/o:kernel:linux:2.6.26:rc3

* cpe:/o:kernel:linux:2.6.26:rc9

* cpe:/o:kernel:linux:2.6.27.13

* cpe:/o:kernel:linux:2.6.27.12

* cpe:/o:kernel:linux:2.6.27.11

* cpe:/o:kernel:linux:2.6.27.10

* cpe:/o:kernel:linux:2.6.27.17

* cpe:/o:kernel:linux:2.6.27.16

* cpe:/o:kernel:linux:2.6.27

* cpe:/o:kernel:linux:2.6.27.15

* cpe:/o:kernel:linux:2.6.27.1

* cpe:/o:kernel:linux:2.6.27.14

* cpe:/o:kernel:linux:2.6.27.2

* cpe:/o:kernel:linux:2.6.27.3

* cpe:/o:kernel:linux:2.6.27.19

* cpe:/o:kernel:linux:2.6.27.4

* cpe:/o:kernel:linux:2.6.27.18

* cpe:/o:kernel:linux:2.6.27.5

* cpe:/o:kernel:linux:2.6.27.6

* cpe:/o:kernel:linux:2.6.27.7

* cpe:/o:kernel:linux:2.6.27.8

* cpe:/o:kernel:linux:2.6.27.9

* cpe:/o:kernel:linux:2.6.28.6

* cpe:/o:kernel:linux:2.6.28.7

* cpe:/o:kernel:linux:2.6.28.3

* cpe:/o:kernel:linux:2.6.28.8

* cpe:/o:kernel:linux:2.6.28.2

* cpe:/o:kernel:linux:2.6.28.1

* cpe:/o:kernel:linux:2.6.28

* cpe:/o:kernel:linux:2.6.28.5

* cpe:/o:kernel:linux:2.6.28.4

* cpe:/o:kernel:linux:2.6.29

* cpe:/o:kernel:linux:2.6.29.1 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1265