CVE-2009-3621

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

References

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=77238f2b942b38ab4e7f3aced44084493e4a8675

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://lkml.org/lkml/2009/10/19/50

http://patchwork.kernel.org/patch/54678/

http://secunia.com/advisories/37086

http://secunia.com/advisories/37909

http://secunia.com/advisories/38017

http://secunia.com/advisories/38794

http://secunia.com/advisories/38834

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

http://www.openwall.com/lists/oss-security/2009/10/19/2

http://www.openwall.com/lists/oss-security/2009/10/19/4

http://www.redhat.com/support/errata/RHSA-2009-1670.html

http://www.redhat.com/support/errata/RHSA-2009-1671.html

http://www.ubuntu.com/usn/usn-864-1

http://www.vupen.com/english/advisories/2010/0528

https://bugzilla.redhat.com/show_bug.cgi?id=529626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921

https://rhn.redhat.com/errata/RHSA-2009-1540.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Details

Source: MITRE

Published: 2009-10-22

Updated: 2020-08-12

Type: CWE-400

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.31.4 (inclusive)

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp3:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

Tenable Plugins

View all (39 total)

IDNameProductFamilySeverity
89740VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)NessusVMware ESX Local Security Checks
critical
89737VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)NessusVMware ESX Local Security Checks
high
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
high
67973Oracle Linux 4 : kernel (ELSA-2009-1671)NessusOracle Linux Local Security Checks
high
67972Oracle Linux 5 : kernel (ELSA-2009-1670)NessusOracle Linux Local Security Checks
high
67955Oracle Linux 3 : kernel (ELSA-2009-1550)NessusOracle Linux Local Security Checks
high
67953Oracle Linux 5 : kernel (ELSA-2009-1548)NessusOracle Linux Local Security Checks
high
67952Oracle Linux 4 : kernel (ELSA-2009-1541)NessusOracle Linux Local Security Checks
high
67070CentOS 3 : kernel (CESA-2009:1550)NessusCentOS Local Security Checks
high
67068CentOS 5 : kernel (CESA-2009:1548)NessusCentOS Local Security Checks
high
67067CentOS 4 : kernel (CESA-2009:1541)NessusCentOS Local Security Checks
high
60706Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
60705Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
59143SuSE 10 Security Update : the Linux Kernel (x86_64) (ZYPP Patch Number 6730)NessusSuSE Local Security Checks
high
59142SuSE 10 Security Update : Linux Kernel (x86_64) (ZYPP Patch Number 6697)NessusSuSE Local Security Checks
high
49868SuSE 10 Security Update : Linux Kernel (x86) (ZYPP Patch Number 6694)NessusSuSE Local Security Checks
high
48161Mandriva Linux Security Advisory : kernel (MDVSA-2009:329)NessusMandriva Local Security Checks
high
46765VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updatesNessusVMware ESX Local Security Checks
high
44993VMSA-2010-0004 : ESX Service Console and vMA third-party updatesNessusVMware ESX Local Security Checks
high
44794Debian DSA-1929-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44793Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44792Debian DSA-1927-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leakNessusDebian Local Security Checks
high
44654SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)NessusSuSE Local Security Checks
high
44621openSUSE Security Update : kernel (kernel-1908)NessusSuSE Local Security Checks
critical
43812CentOS 5 : kernel (CESA-2009:1670)NessusCentOS Local Security Checks
high
43631SuSE 11.2 Security Update: kernel (2009-12-18)NessusSuSE Local Security Checks
high
43398SuSE 10 Security Update : the Linux Kernel (i386) (ZYPP Patch Number 6726)NessusSuSE Local Security Checks
high
43354CentOS 4 : kernel (CESA-2009:1671)NessusCentOS Local Security Checks
high
43169RHEL 4 : kernel (RHSA-2009:1671)NessusRed Hat Local Security Checks
high
43168RHEL 5 : kernel (RHSA-2009:1670)NessusRed Hat Local Security Checks
high
43026Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : linux, linux-source-2.6.15 vulnerabilities (USN-864-1)NessusUbuntu Local Security Checks
high
42990SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1581 / 1588 / 1591)NessusSuSE Local Security Checks
high
42952openSUSE Security Update : kernel (kernel-1593)NessusSuSE Local Security Checks
high
42402Fedora 10 : kernel-2.6.27.38-170.2.113.fc10 (2009-11038)NessusFedora Local Security Checks
high
42400Fedora 11 : kernel-2.6.30.9-96.fc11 (2009-11032)NessusFedora Local Security Checks
high
42360RHEL 3 : kernel (RHSA-2009:1550)NessusRed Hat Local Security Checks
high
42358RHEL 5 : kernel (RHSA-2009:1548)NessusRed Hat Local Security Checks
high
42357RHEL 4 : kernel (RHSA-2009:1541)NessusRed Hat Local Security Checks
high
801479CentOS RHSA-2009-1670 Security CheckLog Correlation EngineGeneric
high