National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2009-3002 Detail

Current Description

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

Source:  MITRE
Description Last Modified:  08/28/2009
View Analysis Description

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 4.9 MEDIUM
Vector: (AV:L/AC:L/Au:N/C:C/I:N/A:N) (V2 legend)
Impact Subscore: 6.9
Exploitability Subscore: 3.9


Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Additional Information:
Allows unauthorized disclosure of information

Vendor Statements (disclaimer)

Official Statement from Red Hat (11/04/2009)

CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols. The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3). The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6).

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=09384dfc76e526c3993c09c42e016372dc9dd22c Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17ac2e9c58b69a1e25460a568eae1b0dc0188c25 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80922bbb12a105f858a8f0abb879cb4302d0ecaa Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e84b90ae5eb3c112d1f208964df1d8156a538289 Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6b97b29513950bfbf621a83d85b6f86b39ec8db Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html Mailing List Third Party Advisory
http://www.exploit-db.com/exploits/9521 Third Party Advisory VDB Entry
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7 Vendor Advisory
http://www.openwall.com/lists/oss-security/2009/08/27/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/08/27/2 Mailing List Third Party Advisory
http://www.securityfocus.com/archive/1/512019/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36150 Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-852-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=519305 Exploit Issue Tracking Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741 Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1540.html Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1550.html Third Party Advisory

References to Check Content

Identifier:
oval:org.mitre.oval:def:11611
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11611
Identifier:
oval:org.mitre.oval:def:11741
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11741

Technical Details

Vulnerability Type (View All)

  • Information Leak / Disclosure (CWE-200)

Change History

4 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2009-3002
NVD Published Date:
08/28/2009
NVD Last Modified:
11/16/2018