Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3621

CWE-400 — Uncontrolled Resource Consumption7 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 78.11%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

8

Linux Linux Kernel Canonical Ubuntu Linux Fedoraproject Fedora +5 more

Timeline

PublishedOct 22

Latest updateMay 2

Description

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDlinux/linux_kernel2.6.31.4

▶NVDsuse/suse_linux_enterprise_server10

▶NVDsuse/suse_linux_enterprise_desktop10

▶NVDvmware/esx4.0

▶NVDvmware/vma4.0

Also affects: Ubuntu Linux 6.06, 8.04, 8.10, 9.04, 9.10, Fedora 10

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-g479-4r8w-jx3w: net/unix/af_unix↗2022-05-02

▶

CVEList

CVE-2009-3621: net/unix/af_unix↗2009-10-22

▶

💥Exploits & PoCs

1

Exploit-DB

Linux Kernel 2.6.31.4 - 'unix_stream_connect()' Local Denial of Service↗2009-11-10

▶

📋Vendor Advisories

2

Ubuntu

Linux kernel vulnerabilities↗2009-12-05

▶

Red Hat

kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket↗2009-10-19

▶

💬Community

1

Bugzilla

CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket↗2009-10-19

▶

CVE-2009-3621 (MEDIUM CVSS 5.5) | net/unix/af_unix.c in the Linux ker | cvebase.io