CVE-2009-2847

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856

http://rhn.redhat.com/errata/RHSA-2009-1243.html

http://secunia.com/advisories/36136

http://secunia.com/advisories/36501

http://secunia.com/advisories/36562

http://secunia.com/advisories/36759

http://secunia.com/advisories/37105

http://secunia.com/advisories/37471

http://www.exploit-db.com/exploits/9352

http://www.openwall.com/lists/oss-security/2009/08/04/1

http://www.openwall.com/lists/oss-security/2009/08/05/1

http://www.openwall.com/lists/oss-security/2009/08/26/2

http://www.redhat.com/support/errata/RHSA-2009-1438.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.ubuntu.com/usn/USN-852-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316

https://bugzilla.redhat.com/show_bug.cgi?id=515392

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10637

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8405

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html

Details

Source: MITRE

Published: 2009-08-18

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:linux:kernel:2.6.24.7:*:*:*:*:*:*:*

cpe:2.3:a:linux:kernel:2.6.25.15:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:-rc5:*:*:*:*:*:*

OR

cpe:2.3:h:linux:linux:*:*:x64:*:*:*:*:*

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
high
67925Oracle Linux 4 : kernel (ELSA-2009-1438)NessusOracle Linux Local Security Checks
high
63898RHEL 5 : kernel (RHSA-2009:1466)NessusRed Hat Local Security Checks
medium
44793Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44737Debian DSA-1872-1 : linux-2.6 - denial of service/privilege escalation/information leakNessusDebian Local Security Checks
high
43790CentOS 4 : kernel (CESA-2009:1438)NessusCentOS Local Security Checks
high
43779CentOS 5 : kernel (CESA-2009:1243)NessusCentOS Local Security Checks
medium
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
medium
42209Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-852-1)NessusUbuntu Local Security Checks
high
41973Fedora 10 : kernel-2.6.27.35-170.2.94.fc10 (2009-10165)NessusFedora Local Security Checks
high
40998RHEL 4 : kernel (RHSA-2009:1438)NessusRed Hat Local Security Checks
high
40835RHEL 5 : kernel (RHSA-2009:1243)NessusRed Hat Local Security Checks
medium
40780Fedora 11 : kernel-2.6.29.6-217.2.16.fc11 (2009-9044)NessusFedora Local Security Checks
high
801476CentOS RHSA-2009-1438 Security CheckLog Correlation EngineGeneric
high