CVE - CVE-2009-2692

CVE-ID
CVE-2009-2692	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations URL:http://www.securityfocus.com/archive/1/505751/100/0/threaded BUGTRAQ:20090818 rPSA-2009-0121-1 kernel open-vm-tools URL:http://www.securityfocus.com/archive/1/505912/100/0/threaded BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded BUGTRAQ:20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel URL:http://www.securityfocus.com/archive/1/512019/100/0/threaded EXPLOIT-DB:19933 URL:http://www.exploit-db.com/exploits/19933 FULLDISC:20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations URL:http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html EXPLOIT-DB:9477 URL:http://www.exploit-db.com/exploits/9477 MLIST:[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc URL:http://www.openwall.com/lists/oss-security/2009/08/14/1 MISC:http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html MISC:http://grsecurity.net/~spender/wunderbar_emporium.tgz MISC:http://zenthought.org/content/file/android-root-2009-08-16-source CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121 CONFIRM:https://issues.rpath.com/browse/RPL-3103 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=516949 CONFIRM:http://support.avaya.com/css/P8/documents/100067254 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html DEBIAN:DSA-1865 URL:http://www.debian.org/security/2009/dsa-1865 MANDRIVA:MDVSA-2009:233 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 REDHAT:RHSA-2009:1222 URL:http://rhn.redhat.com/errata/RHSA-2009-1222.html REDHAT:RHSA-2009:1223 URL:http://rhn.redhat.com/errata/RHSA-2009-1223.html REDHAT:RHSA-2009:1233 URL:http://www.redhat.com/support/errata/RHSA-2009-1233.html SUSE:SUSE-SR:2009:015 URL:http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html BID:36038 URL:http://www.securityfocus.com/bid/36038 OVAL:oval:org.mitre.oval:def:11526 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 OVAL:oval:org.mitre.oval:def:11591 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 OVAL:oval:org.mitre.oval:def:8657 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 SECUNIA:36289 URL:http://secunia.com/advisories/36289 SECUNIA:36327 URL:http://secunia.com/advisories/36327 SECUNIA:36278 URL:http://secunia.com/advisories/36278 SECUNIA:36430 URL:http://secunia.com/advisories/36430 SECUNIA:37298 URL:http://secunia.com/advisories/37298 SECUNIA:37471 URL:http://secunia.com/advisories/37471 VUPEN:ADV-2009-2272 URL:http://www.vupen.com/english/advisories/2009/2272 VUPEN:ADV-2009-3316 URL:http://www.vupen.com/english/advisories/2009/3316
Assigning CNA
N/A
Date Entry Created
20090805	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090805)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org