CVE-2009-3002
Published: 2009-08-28
Priority: P4 (medium). CVSS 2.0: 4.9 (AV:L/AC:L/Au:N/C:C/I:N/A:N)
Exploit: EPSS 1.03% (percentile 59.3)
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
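To show why the description above applies even when every named field is assigned, here is an added example, not code from the page, the kernel or the Exploit-DB entries: it takes the sockaddr_irda layout quoted in the Exploit-DB excerpt on this page, simulates a reused stack slot with a constructed poison marker, and counts how many bytes of the structure a caller would receive unchanged under the pre-fix pattern versus after zeroing the struct first, which is the memset pattern the upstream fixes used. The field values, the marker and the function names are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Layout from the Exploit-DB excerpt on this page. The compiler pads one byte
 * between sir_lsap_sel and sir_addr and (on common ABIs) three after sir_name. */
struct sockaddr_irda {
    uint16_t sir_family;
    uint8_t  sir_lsap_sel;
    uint32_t sir_addr;
    char     sir_name[25];
};

#define POISON 0xAA /* constructed marker standing in for stale stack bytes */
/* Hypothetical pre-fix pattern: every named field is assigned, yet the padding
 * and the unused tail of sir_name keep whatever the (kernel stack) memory held. */
static void fill_fields_leaky(struct sockaddr_irda *s, const char *name) {
    s->sir_family = 23;          /* AF_IRDA, value given on the page */
    s->sir_lsap_sel = 0x10;      /* constructed sample values */
    s->sir_addr = 0xdeadbeef;
    memcpy(s->sir_name, name, strlen(name) + 1); /* tail left untouched */
}

/* Hardened form: zero the whole object first, then assign the same fields. */
static void fill_fields_fixed(struct sockaddr_irda *s, const char *name) {
    memset(s, 0, sizeof(*s));
    fill_fields_leaky(s, name);
}

/* Stand-in for the copy_to_user() step: poison the memory as if it were a reused
 * stack slot, run the fill routine, and count bytes still carrying the marker,
 * i.e. bytes that would reach the caller unchanged. */
static size_t stale_bytes(void (*fill)(struct sockaddr_irda *, const char *),
                          const char *name) {
    struct sockaddr_irda s;
    const unsigned char *p = (const unsigned char *)&s;
    size_t i, stale = 0;
    memset(&s, POISON, sizeof(s));
    fill(&s, name);
    for (i = 0; i < sizeof(s); i++)
        if (p[i] == POISON) stale++;
    return stale;
}

int main(void) {
    printf("leaky: %zu of %zu bytes stale\n",
           stale_bytes(fill_fields_leaky, "test"), sizeof(struct sockaddr_irda));
    printf("fixed: %zu bytes stale\n", stale_bytes(fill_fields_fixed, "test"));
    return 0;
}
```

With a 4-character name the leaky variant leaves 24 of 36 bytes stale on a 4-byte-aligned ABI (one padding byte, twenty unused name bytes, three tail padding bytes); the zeroed variant leaves none.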
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| linux | linux_kernel | < 2.6.31 | 2.6.31 |
| linux | linux_kernel | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
| vendor_redhat | — | 4.9 | MEDIUM | — |
| vendor_ubuntu | — | 4.4 | MEDIUM | — |
GHSA
GHSA-6v8v-wc26-56rj (ghsa_unreviewed, 2022-05-02): CVE-2009-3002 [MEDIUM], CWE-200. The advisory text repeats the NVD description above.
Ubuntu
Linux kernel vulnerabilities (vendor_ubuntu, 2009-10-22, CVSS 4.4), listed under CVE-2009-3238 [MEDIUM]
Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-1883)
Michael Buesch discovered that the SGI GRU driver did not correctly check the length when setting options. A local attacker could exploit this to write to the kernel stack, leading to root privilege escalation or a denial of service. Only affected Ubuntu 8.10 and 9.04. (CVE-2009-2584)
It was discovered that SELinux did not fully implement the mmap_min_addr restrictions. A local attacker could exploit this to allocate the NULL memory page which could lead to further attacks against kernel NULL
Red Hat
kernel: numerous getname() infoleaks (vendor_redhat, 2009-08-23, CVSS 4.9): CVE-2009-3002 [MEDIUM]. The advisory text repeats the NVD description above.
Statement: CVE-2009-3002 describes a co
No detection rules found.
Exploit-DB
Linux Kernel < 2.6.31-rc7 - 'AF_IRDA' 29-Byte Stack Disclosure (2) (exploitdb, 2009-08-31, CVSS 4.9): CVE-2009-3002 [MEDIUM]
```c
 * http://jon.oberheide.org
 *
 * Information:
 *
 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3002
 *
 * The Linux kernel before 2.6.31-rc7 does not initialize certain data
 * structures within getname functions, which allows local users to read
 * the contents of some kernel memory locations by calling getsockname
 * on ... (2) an AF_IRDA socket, related to the irda_getname function in
 * net/irda/af_irda.c.
 *
 * Notes:
 *
 * Yet another stack disclosure...although this one is big and contiguous.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifndef AF_IRDA
#define AF_IRDA 23
#endif
struct sockaddr_irda {
    uint16_t sir_family;
    uint8_t sir_lsap_sel;
    uint32_t sir_addr;
    char sir_name[25];
};
const int randcalls[] = {
    __NR_read,
```
Exploit-DB
Linux Kernel 2.6.30 - 'atalk_getname()' 8-bytes Stack Disclosure (1) (exploitdb, 2009-08-26): CVE-2009-3002
```c
/**
 * appleak.c
 *
 * Linux keunouille
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
void kernop(int fd)
{
    /* from Jon Oberheide sploit
     */
    const int randcalls[] = {
        __NR_read, __NR_write, __NR_open, __NR_close, __NR_stat, __NR_lstat,
        __NR_lseek, __NR_rt_sigaction, __NR_rt_sigprocmask, __NR_ioctl,
        __NR_access, __NR_pipe, __NR_sched_yield, __NR_mremap, __NR_dup,
        __NR_dup2, __NR_getitimer, __NR_setitimer, __NR_getpid, __NR_fcntl,
        __NR_flock, __NR_getdents, __NR_getcwd, __NR_gettimeofday,
        __NR_getrlimit, __NR_getuid, __NR_getgid, __NR_geteuid, __NR_getegid,
        __NR_getppid, __NR_getpgrp, __NR_getgroups, __NR_getresuid,
        __NR_getresgid, __NR_getpgid, __NR_getsid,__NR_get
```
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
- http://secunia.com/advisories/36438
- http://secunia.com/advisories/37105
- http://secunia.com/advisories/37351
- http://www.exploit-db.com/exploits/9521
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7
- http://www.openwall.com/lists/oss-security/2009/08/27/1
- http://www.openwall.com/lists/oss-security/2009/08/27/2
- http://www.securityfocus.com/archive/1/512019/100/0/threaded
- http://www.securityfocus.com/bid/36150
- http://www.ubuntu.com/usn/USN-852-1
- https://bugzilla.redhat.com/show_bug.cgi?id=519305
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741
- https://rhn.redhat.com/errata/RHSA-2009-1540.html
- https://rhn.redhat.com/errata/RHSA-2009-1550.html