The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
28 Dec 2023, 15:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux Desktop
Fedoraproject fedora Fedoraproject Vmware vcenter Server Redhat enterprise Linux Workstation Redhat enterprise Linux Eus Redhat enterprise Linux Server Aus Vmware esxi Redhat Redhat enterprise Linux Server Vmware |
|
References | (CONFIRM) http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19 - Broken Link, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/36108 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/23073 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/36510 - Broken Link, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2009-1223.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37105 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37298 - Broken Link, Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/37471 - Broken Link, Vendor Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 - Broken Link, Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1022761 - Broken Link, Third Party Advisory, VDB Entry | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514 - Broken Link, Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1233.html - Broken Link, Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/507985/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/36430 - Broken Link, Vendor Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/512019/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557 - Broken Link, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2009-1222.html - Third Party Advisory | |
References | () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46 - Broken Link | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
07 Nov 2023, 02:04
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2009-08-27 17:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-2698
Mitre link : CVE-2009-2698
CVE.ORG link : CVE-2009-2698
JSON object : View
Products Affected
linux
- linux_kernel
suse
- linux_enterprise_desktop
- linux_enterprise_server
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_workstation
vmware
- vcenter_server
- esxi
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-476
NULL Pointer Dereference