CVE-2009-3547 Information

Feb 14, 2021 cve

Description

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/1/fd/ /proc/10/fd/ /proc/100/fd/ /proc/1004/fd/ /proc/101/fd/ /proc/1011/fd/ /proc/1014/fd/ /proc/1017/fd/ /proc/102/fd/ /proc/102337/fd/ /proc/103748/fd/ /proc/103978/fd/ /proc/104/fd/ /proc/105/fd/ /proc/106/fd/ /proc/107/fd/ /proc/1076/fd/ /proc/1078/fd/ /proc/1079/fd/ /proc/108/fd/ /proc/1080/fd/ /proc/109/fd/ /proc/11/fd/ /proc/110/fd/ /proc/111/fd/ /proc/1112456/fd/ /proc/112/fd/ /proc/113/fd/ /proc/1136/fd/ /proc/114/fd/ /proc/1149/fd/ /proc/116/fd/ /proc/1164/fd/ /proc/117/fd/ /proc/118/fd/ /proc/1187/fd/ /proc/119/fd/ /proc/12/fd/ /proc/120/fd/ /proc/1209032/fd/ /proc/122/fd/ /proc/123/fd/ /proc/124/fd/ /proc/125/fd/ /proc/126/fd/ /proc/128/fd/ /proc/129/fd/ /proc/1290962/fd/ /proc/1295/fd/ /proc/1296/fd/ /proc/1297/fd/ /proc/129773/fd/ /proc/130/fd/ /proc/131/fd/ /proc/132/fd/ /proc/134/fd/ /proc/135/fd/ /proc/135144/fd/ /proc/136/fd/ /proc/137/fd/ /proc/138/fd/ /proc/14/fd/ /proc/140/fd/ /proc/1404788/fd/ /proc/141/fd/ /proc/142/fd/ /proc/143/fd/ /proc/144/fd/ /proc/146/fd/ /proc/147/fd/ /proc/148/fd/ /proc/149/fd/ /proc/15/fd/ /proc/150/fd/ /proc/1516992/fd/ /proc/152/fd/ /proc/1522329/fd/ /proc/153/fd/ /proc/154/fd/ /proc/155/fd/ /proc/156/fd/ /proc/16/fd/ /proc/161/fd/ /proc/161312/fd/ /proc/162/fd/ /proc/163/fd/ /proc/164/fd/ /proc/1640/fd/ /proc/1645/fd/ /proc/165/fd/ /proc/1655625/fd/ /proc/166/fd/ /proc/1669827/fd/ /proc/17/fd/ /proc/1744569/fd/ /proc/18/fd/ /proc/1815399/fd/ /proc/1847356/fd/ /proc/1907792/fd/ /proc/1945025/fd/ /proc/1971656/fd/ /proc/1985794/fd/ /proc/2/fd/ /proc/20/fd/ /proc/2014225/fd/ /proc/2033738/fd/ /proc/2046154/fd/ /proc/21/fd/ /proc/2103008/fd/ /proc/2124184/fd/ /proc/213/fd/ /proc/214/fd/ /proc/215/fd/ /proc/2150/fd/ /proc/216/fd/ /proc/217/fd/ /proc/218/fd/ /proc/2182621/fd/ /proc/219/fd/ /proc/22/fd/ /proc/220/fd/ /proc/221/fd/ /proc/2219780/fd/ /proc/2221575/fd/ /proc/2237524/fd/ /proc/2239276/fd/ /proc/224/fd/ /proc/2242793/fd/ /proc/2244566/fd/ /proc/2274/fd/ /proc/229/fd/ /proc/23/fd/ /proc/230/fd/ /proc/2309695/fd/ /proc/232/fd/ /proc/233/fd/ /proc/2334595/fd/ /proc/2364646/fd/ /proc/2368169/fd/ /proc/2380570/fd/ /proc/24/fd/ /proc/2469265/fd/ /proc/2469267/fd/ /proc/248/fd/ /proc/249/fd/ /proc/256/fd/ /proc/257/fd/ /proc/258/fd/ /proc/259/fd/ /proc/26/fd/ /proc/261/fd/ /proc/262/fd/ /proc/2672/fd/ /proc/27/fd/ /proc/272/fd/ /proc/275/fd/ /proc/28/fd/ /proc/288/fd/ /proc/29/fd/ /proc/292/fd/ /proc/3/fd/ /proc/30/fd/ /proc/300068/fd/ /proc/32/fd/ /proc/33/fd/ /proc/34/fd/ /proc/3405/fd/ /proc/3468/fd/ /proc/35/fd/ /proc/352/fd/ /proc/353/fd/ /proc/354/fd/ /proc/355/fd/ /proc/356/fd/ /proc/357/fd/ /proc/36/fd/ /proc/3618/fd/ /proc/38/fd/ /proc/385/fd/ /proc/386/fd/ /proc/39/fd/ /proc/3935/fd/ /proc/4/fd/ /proc/40/fd/ /proc/403/fd/ /proc/4042/fd/ /proc/407/fd/ /proc/41/fd/ /proc/412/fd/ /proc/413/fd/ /proc/414/fd/ /proc/415/fd/ /proc/416/fd/ /proc/417/fd/ /proc/418/fd/ /proc/42/fd/ /proc/426/fd/ /proc/43/fd/ /proc/433/fd/ /proc/434/fd/ /proc/435/fd/ /proc/44/fd/ /proc/45/fd/ /proc/456/fd/ /proc/46/fd/ /proc/47/fd/ /proc/48/fd/ /proc/497/fd/ /proc/498/fd/ /proc/499/fd/ /proc/50/fd/ /proc/50051/fd/ /proc/50085/fd/ /proc/51/fd/ /proc/52/fd/ /proc/525/fd/ /proc/526/fd/ /proc/53/fd/ /proc/531/fd/ /proc/54/fd/ /proc/552/fd/ /proc/559/fd/ /proc/56/fd/ /proc/562/fd/ /proc/563/fd/ /proc/57/fd/ /proc/571/fd/ /proc/5725/fd/ /proc/574/fd/ /proc/575/fd/ /proc/576/fd/ /proc/58/fd/ /proc/585/fd/ /proc/59/fd/ /proc/599/fd/ /proc/6/fd/ /proc/60/fd/ /proc/619/fd/ /proc/62/fd/ /proc/63/fd/ /proc/64/fd/ /proc/65/fd/ /proc/651164/fd/ /proc/66/fd/ /proc/68/fd/ /proc/6808/fd/ /proc/6822/fd/ /proc/684/fd/ /proc/6851/fd/ /proc/69/fd/ /proc/6929/fd/ /proc/6930/fd/ /proc/70/fd/ /proc/703/fd/ /proc/7041/fd/ /proc/7061/fd/ /proc/71/fd/ /proc/72/fd/ /proc/739/fd/ /proc/74/fd/ /proc/75/fd/ /proc/76/fd/ /proc/762/fd/ /proc/763131/fd/ /proc/77/fd/ /proc/78/fd/ /proc/8/fd/ /proc/80/fd/ /proc/81/fd/ /proc/82/fd/ /proc/82623/fd/ /proc/83/fd/ /proc/839/fd/ /proc/84/fd/ /proc/840/fd/ /proc/841/fd/ /proc/842/fd/ /proc/843/fd/ /proc/851/fd/ /proc/852/fd/ /proc/854/fd/ /proc/857/fd/ /proc/86/fd/ /proc/861/fd/ /proc/862/fd/ /proc/863/fd/ /proc/864/fd/ /proc/87/fd/ /proc/88/fd/ /proc/889/fd/ /proc/89/fd/ /proc/9/fd/ /proc/90/fd/ /proc/917/fd/ /proc/92/fd/ /proc/922/fd/ /proc/924/fd/ /proc/927/fd/ /proc/93/fd/ /proc/936308/fd/ /proc/93775/fd/ /proc/94/fd/ /proc/95/fd/ /proc/956/fd/ /proc/96/fd/ /proc/967/fd/ /proc/968713/fd/ /proc/970/fd/ /proc/97373/fd/ /proc/97488/fd/ /proc/98/fd/ /proc/986/fd/ /proc/987/fd/ /proc/98821/fd/ /proc/99/fd/ /proc/999/fd/ /proc/self/fd/ /proc/thread-self/fd/ pathname.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3960243e55320d74195fb85c975e0a8cc4466c http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://lkml.org/lkml/2009/10/14/184 http://lkml.org/lkml/2009/10/21/42 http://marc.info/?l=oss-security&m=125724568017045&w=2 http://secunia.com/advisories/37351 http://secunia.com/advisories/38017 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6 http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 http://www.redhat.com/support/errata/RHSA-2009-1672.html http://www.securityfocus.com/archive/1/512019/100/0/threaded http://www.securityfocus.com/bid/36901 http://www.ubuntu.com/usn/usn-864-1 http://www.vupen.com/english/advisories/2010/0528 https://bugzilla.redhat.com/show_bug.cgi?id=530490 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11513 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7608 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9327 https://rhn.redhat.com/errata/RHSA-2009-1540.html https://rhn.redhat.com/errata/RHSA-2009-1541.html https://rhn.redhat.com/errata/RHSA-2009-1548.html https://rhn.redhat.com/errata/RHSA-2009-1550.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.0

Share on: