CVE-2009-1046
Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
La funcionalidad de selección de consola en el kernel de Linux 2.6.28 en versiones anteriores a 2.6.28.4, 2.6.25 y posiblemente versiones anteriores, cuando se utiliza la consola UTF-8, permite a atacantes físicamente próximos causar una denegación de servicio (corrupción de memoria) seleccionando un número pequeño de carácteres de 3 bytes UTF-8, lo que desencadena un "error de memoria off-by-two". NOTA: no queda claro si el problema traspasa límites de privilegio.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-03-23 CVE Reserved
- 2009-03-23 CVE Published
- 2009-07-09 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/34917 | Third Party Advisory | |
| http://secunia.com/advisories/34981 | Third Party Advisory | |
| http://secunia.com/advisories/35121 | Third Party Advisory | |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2009/02/12/10 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2009/02/12/11 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2009/02/12/9 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9083 | 2009-07-09 |
| URL | Date | SRC |
|---|---|---|
| http://lists.openwall.net/linux-kernel/2009/01/30/333 | 2016-05-31 | |
| http://lists.openwall.net/linux-kernel/2009/02/02/364 | 2016-05-31 | |
| http://www.securityfocus.com/bid/33672 | 2016-05-31 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2009/dsa-1787 | 2016-05-31 | |
| http://www.debian.org/security/2009/dsa-1800 | 2016-05-31 | |
| http://www.redhat.com/support/errata/RHSA-2009-0451.html | 2016-05-31 | |
| http://www.ubuntu.com/usn/usn-751-1 | 2016-05-31 | |
| https://access.redhat.com/security/cve/CVE-2009-1046 | 2009-04-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=491787 | 2009-04-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.25 Search vendor "Linux" for product "Linux Kernel" and version "2.6.25" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.28 Search vendor "Linux" for product "Linux Kernel" and version "2.6.28" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.28.1 Search vendor "Linux" for product "Linux Kernel" and version "2.6.28.1" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.28.2 Search vendor "Linux" for product "Linux Kernel" and version "2.6.28.2" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.28.3 Search vendor "Linux" for product "Linux Kernel" and version "2.6.28.3" | - |
Affected
| ||||||