CVE - CVE-2009-2692

CVE-ID
CVE-2009-2692	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:36038 URL:http://www.securityfocus.com/bid/36038 BUGTRAQ:20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations URL:http://www.securityfocus.com/archive/1/505751/100/0/threaded BUGTRAQ:20090818 rPSA-2009-0121-1 kernel open-vm-tools URL:http://www.securityfocus.com/archive/1/505912/100/0/threaded BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded BUGTRAQ:20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel URL:http://www.securityfocus.com/archive/1/512019/100/0/threaded CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98 CONFIRM:http://support.avaya.com/css/P8/documents/100067254 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=516949 CONFIRM:https://issues.rpath.com/browse/RPL-3103 DEBIAN:DSA-1865 URL:http://www.debian.org/security/2009/dsa-1865 EXPLOIT-DB:19933 URL:http://www.exploit-db.com/exploits/19933 EXPLOIT-DB:9477 URL:http://www.exploit-db.com/exploits/9477 FULLDISC:20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations URL:http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html MANDRIVA:MDVSA-2009:233 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:233~~ (Obsolete source) MISC:http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html MISC:http://grsecurity.net/~spender/wunderbar_emporium.tgz MISC:http://zenthought.org/content/file/android-root-2009-08-16-source MLIST:[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc URL:http://www.openwall.com/lists/oss-security/2009/08/14/1 OVAL:oval:org.mitre.oval:def:11526 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 OVAL:oval:org.mitre.oval:def:11591 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 OVAL:oval:org.mitre.oval:def:8657 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 REDHAT:RHSA-2009:1222 URL:http://rhn.redhat.com/errata/RHSA-2009-1222.html REDHAT:RHSA-2009:1223 URL:http://rhn.redhat.com/errata/RHSA-2009-1223.html REDHAT:RHSA-2009:1233 URL:http://www.redhat.com/support/errata/RHSA-2009-1233.html SECUNIA:36278 URL:http://secunia.com/advisories/36278 SECUNIA:36289 URL:http://secunia.com/advisories/36289 SECUNIA:36327 URL:http://secunia.com/advisories/36327 SECUNIA:36430 URL:http://secunia.com/advisories/36430 SECUNIA:37298 URL:http://secunia.com/advisories/37298 SECUNIA:37471 URL:http://secunia.com/advisories/37471 SUSE:SUSE-SR:2009:015 URL:http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html VUPEN:ADV-2009-2272 URL:~~http://www.vupen.com/english/advisories/2009/2272~~ (Obsolete source) VUPEN:ADV-2009-3316 URL:~~http://www.vupen.com/english/advisories/2009/3316~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20090805	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090805)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)