CVE-2009-3002

Linux Kernel 2.6.30 - 'atalk_getname()' 8-bytes Stack Disclosure

Severity Score

4.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

El kernel de Linux antes de v2.6.31-rc7 no inicializa ciertas estructuras de datos dentro de las funciones getname, lo que permite a usuarios locales leer el contenido de algunas celdas de memoria del núcleo llamando a getsockname en (1) un socket AF_APPLETALK, relacionado con la función atalk_getname en net/appletalk/ddp.c; (2) un socket AF_IRDA, relacionado con la función irda_getname en net/irda/af_irda.c; (3) un socket AF_ECONET, relacionado con la función econet_getname en net/econet/af_econet.c; (4) un socket AF_NETROM, relacionado con la función nr_getname en net/netrom/af_netrom.c; (5) un socket AF_ROSE, relacionado con la función rose_getname en net/rose/af_rose.c, o (6) un raw socket CAN , relacionado con la función raw_getname en net/can/raw.c.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-08-26 First Exploit
2009-08-28 CVE Reserved
2009-08-28 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (27)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db	X_refsource_confirm
http://secunia.com/advisories/36438	Third Party Advisory
http://secunia.com/advisories/37105	Third Party Advisory
http://secunia.com/advisories/37351	Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/08/27/1	Mailing List
http://www.openwall.com/lists/oss-security/2009/08/27/2	Mailing List
http://www.securityfocus.com/archive/1/512019/100/0/threaded	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/9521	2009-08-26
https://www.exploit-db.com/exploits/9543	2009-08-31
http://www.exploit-db.com/exploits/9521	2024-08-07
http://www.securityfocus.com/bid/36150	2024-08-07
https://bugzilla.redhat.com/show_bug.cgi?id=519305	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	2023-11-07
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7	2023-11-07
http://www.ubuntu.com/usn/USN-852-1	2023-11-07
https://rhn.redhat.com/errata/RHSA-2009-1540.html	2023-11-07
https://rhn.redhat.com/errata/RHSA-2009-1550.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2009-3002	2009-11-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 2.6.31 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.31"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc3		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc4		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc5		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc6		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected