CVE - CVE-2009-1185

CVE-ID
CVE-2009-1185	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1022067 URL:http://www.securitytracker.com/id?1022067 MISC:20090417 rPSA-2009-0063-1 udev URL:http://www.securityfocus.com/archive/1/502752/100/0/threaded MISC:20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl URL:http://www.securityfocus.com/archive/1/504849/100/0/threaded MISC:34536 URL:http://www.securityfocus.com/bid/34536 MISC:34731 URL:http://secunia.com/advisories/34731 MISC:34750 URL:http://secunia.com/advisories/34750 MISC:34753 URL:http://secunia.com/advisories/34753 MISC:34771 URL:http://secunia.com/advisories/34771 MISC:34776 URL:http://secunia.com/advisories/34776 MISC:34785 URL:http://secunia.com/advisories/34785 MISC:34787 URL:http://secunia.com/advisories/34787 MISC:34801 URL:http://secunia.com/advisories/34801 MISC:35766 URL:http://secunia.com/advisories/35766 MISC:8572 URL:https://www.exploit-db.com/exploits/8572 MISC:ADV-2009-1053 URL:~~http://www.vupen.com/english/advisories/2009/1053~~ (Obsolete source) MISC:ADV-2009-1865 URL:~~http://www.vupen.com/english/advisories/2009/1865~~ (Obsolete source) MISC:DSA-1772 URL:http://www.debian.org/security/2009/dsa-1772 MISC:FEDORA-2009-3711 URL:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html MISC:FEDORA-2009-3712 URL:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html MISC:GLSA-200904-18 URL:http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml MISC:MDVSA-2009:103 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:103~~ (Obsolete source) MISC:MDVSA-2009:104 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:104~~ (Obsolete source) MISC:RHSA-2009:0427 URL:http://www.redhat.com/support/errata/RHSA-2009-0427.html MISC:SSA:2009-111-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399 MISC:SUSE-SA:2009:020 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html MISC:SUSE-SA:2009:025 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html MISC:USN-758-1 URL:http://www.ubuntu.com/usn/usn-758-1 MISC:[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl URL:http://lists.vmware.com/pipermail/security-announce/2009/000060.html MISC:http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75 URL:http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75 MISC:http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615 URL:http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615 MISC:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 URL:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 MISC:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 URL:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 MISC:http://wiki.rpath.com/Advisories:rPSA-2009-0063 URL:http://wiki.rpath.com/Advisories:rPSA-2009-0063 MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063 MISC:http://www.vmware.com/security/advisories/VMSA-2009-0009.html URL:http://www.vmware.com/security/advisories/VMSA-2009-0009.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=495051 URL:https://bugzilla.redhat.com/show_bug.cgi?id=495051 MISC:https://launchpad.net/bugs/cve/2009-1185 URL:https://launchpad.net/bugs/cve/2009-1185 MISC:oval:org.mitre.oval:def:10925 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10925 MISC:oval:org.mitre.oval:def:5975 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5975
Assigning CNA
Red Hat, Inc.
Date Record Created
20090331	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090331)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)