CVE-2009-2692 Information

Description

The Linux kernel 2.6.0 through 2.6.30.4 and 2.4.4 through 2.4.37.4 does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on that page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-1222.html
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://secunia.com/advisories/36278
http://secunia.com/advisories/36289
http://secunia.com/advisories/36327
http://secunia.com/advisories/36430
http://secunia.com/advisories/37298
http://secunia.com/advisories/37471
http://support.avaya.com/css/P8/documents/100067254
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
http://www.debian.org/security/2009/dsa-1865
http://www.exploit-db.com/exploits/19933
http://www.exploit-db.com/exploits/9477
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
http://www.openwall.com/lists/oss-security/2009/08/14/1
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://www.securityfocus.com/archive/1/505751/100/0/threaded
http://www.securityfocus.com/archive/1/505912/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/512019/100/0/threaded
http://www.securityfocus.com/bid/36038
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2272
http://www.vupen.com/english/advisories/2009/3316
http://zenthought.org/content/file/android-root-2009-08-16-source
https://bugzilla.redhat.com/show_bug.cgi?id=516949
https://issues.rpath.com/browse/RPL-3103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657