CVE-2009-3612

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad61df918c44316940404891d5082c63e79c256a

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://patchwork.ozlabs.org/patch/35412/

http://secunia.com/advisories/37086

http://secunia.com/advisories/37909

http://secunia.com/advisories/38794

http://secunia.com/advisories/38834

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

http://www.openwall.com/lists/oss-security/2009/10/14/1

http://www.openwall.com/lists/oss-security/2009/10/14/2

http://www.openwall.com/lists/oss-security/2009/10/15/1

http://www.openwall.com/lists/oss-security/2009/10/15/3

http://www.redhat.com/support/errata/RHSA-2009-1670.html

http://www.ubuntu.com/usn/usn-864-1

http://www.vupen.com/english/advisories/2010/0528

https://bugzilla.redhat.com/show_bug.cgi?id=528868

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557

https://rhn.redhat.com/errata/RHSA-2009-1540.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Details

Source: MITRE

Published: 2009-10-19

Updated: 2020-08-14

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
89740VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)NessusVMware ESX Local Security Checks
critical
89737VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)NessusVMware ESX Local Security Checks
high
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
high
67972Oracle Linux 5 : kernel (ELSA-2009-1670)NessusOracle Linux Local Security Checks
high
67955Oracle Linux 3 : kernel (ELSA-2009-1550)NessusOracle Linux Local Security Checks
high
67953Oracle Linux 5 : kernel (ELSA-2009-1548)NessusOracle Linux Local Security Checks
high
67952Oracle Linux 4 : kernel (ELSA-2009-1541)NessusOracle Linux Local Security Checks
high
67945Oracle Linux 4 : kernel (ELSA-2009-1522)NessusOracle Linux Local Security Checks
medium
67070CentOS 3 : kernel (CESA-2009:1550)NessusCentOS Local Security Checks
high
67068CentOS 5 : kernel (CESA-2009:1548)NessusCentOS Local Security Checks
high
67067CentOS 4 : kernel (CESA-2009:1541)NessusCentOS Local Security Checks
high
60706Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
59143SuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730)NessusSuSE Local Security Checks
high
59142SuSE 10 Security Update : Linux Kernel (x86_64) (ZYPP Patch Number 6697)NessusSuSE Local Security Checks
high
49868SuSE 10 Security Update : Linux Kernel (x86) (ZYPP Patch Number 6694)NessusSuSE Local Security Checks
high
48161Mandriva Linux Security Advisory : kernel (MDVSA-2009:329)NessusMandriva Local Security Checks
high
46765VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updatesNessusVMware ESX Local Security Checks
high
44993VMSA-2010-0004 : ESX Service Console and vMA third-party updatesNessusVMware ESX Local Security Checks
high
44794Debian DSA-1929-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44793Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44792Debian DSA-1927-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44621openSUSE Security Update : kernel (kernel-1908)NessusSuSE Local Security Checks
critical
43812CentOS 5 : kernel (CESA-2009:1670)NessusCentOS Local Security Checks
high
43398SuSE 10 Security Update : the Linux Kernel (i386) (ZYPP Patch Number 6726)NessusSuSE Local Security Checks
high
43168RHEL 5 : kernel (RHSA-2009:1670)NessusRed Hat Local Security Checks
high
43026Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1)NessusUbuntu Local Security Checks
high
42990SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1581 / 1588 / 1591)NessusSuSE Local Security Checks
high
42952openSUSE Security Update : kernel (kernel-1593)NessusSuSE Local Security Checks
high
42402Fedora 10 : kernel-2.6.27.38-170.2.113.fc10 (2009-11038)NessusFedora Local Security Checks
high
42360RHEL 3 : kernel (RHSA-2009:1550)NessusRed Hat Local Security Checks
high
42358RHEL 5 : kernel (RHSA-2009:1548)NessusRed Hat Local Security Checks
high
42357RHEL 4 : kernel (RHSA-2009:1541)NessusRed Hat Local Security Checks
high
42271Fedora 11 : kernel-2.6.30.9-90.fc11 (2009-10639)NessusFedora Local Security Checks
high
42257CentOS 4 : kernel (CESA-2009:1522)NessusCentOS Local Security Checks
medium
42216RHEL 4 : kernel (RHSA-2009:1522)NessusRed Hat Local Security Checks
medium
801479CentOS RHSA-2009-1670 Security CheckLog Correlation EngineGeneric
high