CVE-2009-2848

MEDIUM

Description

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

References

http://article.gmane.org/gmane.linux.kernel/871942

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://rhn.redhat.com/errata/RHSA-2009-1243.html

http://secunia.com/advisories/35983

http://secunia.com/advisories/36501

http://secunia.com/advisories/36562

http://secunia.com/advisories/36759

http://secunia.com/advisories/37105

http://secunia.com/advisories/37351

http://secunia.com/advisories/37471

http://www.openwall.com/lists/oss-security/2009/08/04/2

http://www.openwall.com/lists/oss-security/2009/08/05/10

http://www.redhat.com/support/errata/RHSA-2009-1438.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/archive/1/512019/100/0/threaded

http://www.ubuntu.com/usn/USN-852-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/52899

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766

https://rhn.redhat.com/errata/RHSA-2009-1550.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html

Details

Source: MITRE

Published: 2009-08-18

Updated: 2020-08-28

Type: CWE-269

Risk Information

CVSS v2.0

Base Score: 5.9

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:C

Impact Score: 8.5

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.29.5 (inclusive)

cpe:2.3:o:linux:linux_kernel:2.6.30:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
critical
67955Oracle Linux 3 : kernel (ELSA-2009-1550)NessusOracle Linux Local Security Checks
high
67925Oracle Linux 4 : kernel (ELSA-2009-1438)NessusOracle Linux Local Security Checks
high
67070CentOS 3 : kernel (CESA-2009:1550)NessusCentOS Local Security Checks
high
63898RHEL 5 : kernel (RHSA-2009:1466)NessusRed Hat Local Security Checks
medium
60688Scientific Linux Security Update : kernel on SL3.x i386/x86_64NessusScientific Linux Local Security Checks
high
59140SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6636)NessusSuSE Local Security Checks
high
47150VMSA-2010-0010 : ESX 3.5 third-party update for Service Console kernelNessusVMware ESX Local Security Checks
high
44793Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44737Debian DSA-1872-1 : linux-2.6 - denial of service/privilege escalation/information leakNessusDebian Local Security Checks
high
44621openSUSE Security Update : kernel (kernel-1908)NessusSuSE Local Security Checks
critical
43790CentOS 4 : kernel (CESA-2009:1438)NessusCentOS Local Security Checks
high
43779CentOS 5 : kernel (CESA-2009:1243)NessusCentOS Local Security Checks
medium
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
critical
42812SuSE9 Security Update : Linux kernel (YOU Patch Number 12541)NessusSuSE Local Security Checks
high
42465SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6632)NessusSuSE Local Security Checks
high
42360RHEL 3 : kernel (RHSA-2009:1550)NessusRed Hat Local Security Checks
high
42209Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-852-1)NessusUbuntu Local Security Checks
high
40998RHEL 4 : kernel (RHSA-2009:1438)NessusRed Hat Local Security Checks
high
40835RHEL 5 : kernel (RHSA-2009:1243)NessusRed Hat Local Security Checks
medium
40780Fedora 11 : kernel-2.6.29.6-217.2.16.fc11 (2009-9044)NessusFedora Local Security Checks
high
801476CentOS RHSA-2009-1438 Security CheckLog Correlation EngineGeneric
high