CVE - CVE-2009-0676

CVE-ID
CVE-2009-0676	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded MLIST:[linux-kernel] 20090212 [PATCH] 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2 URL:http://lkml.org/lkml/2009/2/12/123 MLIST:[oss-security] 20090220 CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt URL:http://openwall.com/lists/oss-security/2009/02/20/1 MLIST:[linux-kernel] 20090223 net: amend the fix for SO_BSDCOMPAT gsopt infoleak URL:http://marc.info/?l=linux-kernel&m=123540732700371&w=2 MLIST:[oss-security] 20090224 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt URL:http://www.openwall.com/lists/oss-security/2009/02/24/1 MLIST:[oss-security] 20090302 Re: CVE request: kernel: memory disclosure in SO_BSDCOMPAT gsopt URL:http://www.openwall.com/lists/oss-security/2009/03/02/6 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=df0bca049d01c0ee94afb7cd5dfd959541e6c8da CONFIRM:http://patchwork.kernel.org/patch/6816/ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=486305 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html DEBIAN:DSA-1749 URL:http://www.debian.org/security/2009/dsa-1749 DEBIAN:DSA-1787 URL:http://www.debian.org/security/2009/dsa-1787 DEBIAN:DSA-1794 URL:http://www.debian.org/security/2009/dsa-1794 MANDRIVA:MDVSA-2009:071 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:071 REDHAT:RHSA-2009:0360 URL:http://www.redhat.com/support/errata/RHSA-2009-0360.html REDHAT:RHSA-2009:0326 URL:http://www.redhat.com/support/errata/RHSA-2009-0326.html REDHAT:RHSA-2009:0459 URL:http://rhn.redhat.com/errata/RHSA-2009-0459.html SUSE:SUSE-SA:2009:021 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html SUSE:SUSE-SA:2009:030 URL:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html SUSE:SUSE-SA:2009:031 URL:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html UBUNTU:USN-751-1 URL:http://www.ubuntu.com/usn/usn-751-1 BID:33846 URL:http://www.securityfocus.com/bid/33846 OVAL:oval:org.mitre.oval:def:11653 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11653 OVAL:oval:org.mitre.oval:def:8618 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8618 SECUNIA:34394 URL:http://secunia.com/advisories/34394 SECUNIA:33758 URL:http://secunia.com/advisories/33758 SECUNIA:34502 URL:http://secunia.com/advisories/34502 SECUNIA:34680 URL:http://secunia.com/advisories/34680 SECUNIA:34786 URL:http://secunia.com/advisories/34786 SECUNIA:34962 URL:http://secunia.com/advisories/34962 SECUNIA:34981 URL:http://secunia.com/advisories/34981 SECUNIA:35011 URL:http://secunia.com/advisories/35011 SECUNIA:35390 URL:http://secunia.com/advisories/35390 SECUNIA:35394 URL:http://secunia.com/advisories/35394 SECUNIA:37471 URL:http://secunia.com/advisories/37471 VUPEN:ADV-2009-3316 URL:http://www.vupen.com/english/advisories/2009/3316 XF:kernel-sock-information-disclosure(48847) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48847
Assigning CNA
N/A
Date Entry Created
20090222	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090222)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org