CVE-2009-3002 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Mrg

Package	CPE	Advisory	Released Date
MRG for RHEL-5
kernel-rt-0:2.6.24.7-137.el5rt	cpe:/a:redhat:enterprise_mrg:1::el5	RHSA-2009:1540	2009-11-03T00:00:00Z
Red Hat Enterprise Linux 3
kernel-0:2.4.21-63.EL	cpe:/o:redhat:enterprise_linux:3	RHSA-2009:1550	2009-11-03T00:00:00Z

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://secunia.com/advisories/36438
http://secunia.com/advisories/37105
http://secunia.com/advisories/37351
http://www.exploit-db.com/exploits/9521
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7
http://www.openwall.com/lists/oss-security/2009/08/27/1
http://www.openwall.com/lists/oss-security/2009/08/27/2
http://www.securityfocus.com/archive/1/512019/100/0/threaded
http://www.securityfocus.com/bid/36150
http://www.ubuntu.com/usn/USN-852-1
https://bugzilla.redhat.com/show_bug.cgi?id=519305
https://nvd.nist.gov/vuln/detail/CVE-2009-3002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741
https://rhn.redhat.com/errata/RHSA-2009-1540.html
https://rhn.redhat.com/errata/RHSA-2009-1550.html
https://www.cve.org/CVERecord?id=CVE-2009-3002

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7"}, {"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:11611", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611"}, {"name": "RHSA-2009:1540", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"}, {"name": "USN-852-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519305"}, {"name": "37351", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37351"}, {"name": "SUSE-SA:2009:056", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"}, {"name": "SUSE-SA:2010:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db"}, {"name": "36150", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36150"}, {"name": "[oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/1"}, {"name": "RHSA-2009:1550", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"}, {"name": "oval:org.mitre.oval:def:11741", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa"}, {"name": "36438", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36438"}, {"name": "9521", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/9521"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289"}, {"name": "SUSE-SA:2009:054", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c"}, {"name": "37105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37105"}, {"name": "[oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3002", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7"}, {"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:11611", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611"}, {"name": "RHSA-2009:1540", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"}, {"name": "USN-852-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17ac2e9c58b69a1e25460a568eae1b0dc0188c25", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17ac2e9c58b69a1e25460a568eae1b0dc0188c25"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=519305", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519305"}, {"name": "37351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37351"}, {"name": "SUSE-SA:2009:056", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"}, {"name": "SUSE-SA:2010:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6b97b29513950bfbf621a83d85b6f86b39ec8db", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6b97b29513950bfbf621a83d85b6f86b39ec8db"}, {"name": "36150", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36150"}, {"name": "[oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/08/27/1"}, {"name": "RHSA-2009:1550", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"}, {"name": "oval:org.mitre.oval:def:11741", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80922bbb12a105f858a8f0abb879cb4302d0ecaa", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80922bbb12a105f858a8f0abb879cb4302d0ecaa"}, {"name": "36438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36438"}, {"name": "9521", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9521"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e84b90ae5eb3c112d1f208964df1d8156a538289", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e84b90ae5eb3c112d1f208964df1d8156a538289"}, {"name": "SUSE-SA:2009:054", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=09384dfc76e526c3993c09c42e016372dc9dd22c", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=09384dfc76e526c3993c09c42e016372dc9dd22c"}, {"name": "37105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37105"}, {"name": "[oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/08/27/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:14:55.183Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7"}, {"name": "20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:11611", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611"}, {"name": "RHSA-2009:1540", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"}, {"name": "USN-852-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519305"}, {"name": "37351", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37351"}, {"name": "SUSE-SA:2009:056", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"}, {"name": "SUSE-SA:2010:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db"}, {"name": "36150", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36150"}, {"name": "[oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/1"}, {"name": "RHSA-2009:1550", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"}, {"name": "oval:org.mitre.oval:def:11741", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa"}, {"name": "36438", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36438"}, {"name": "9521", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/9521"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289"}, {"name": "SUSE-SA:2009:054", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c"}, {"name": "37105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37105"}, {"name": "[oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3002", "datePublished": "2009-08-28T15:00:00", "dateReserved": "2009-08-28T00:00:00", "dateUpdated": "2024-08-07T06:14:55.183Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2009-08-21T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-10T18:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7 (string)

}

1 : { »

name : 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/512019/100/0/threaded (string)

}

2 : { »

name : oval:org.mitre.oval:def:11611 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611 (string)

}

3 : { »

name : RHSA-2009:1540 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1540.html (string)

}

4 : { »

name : USN-852-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-852-1 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=519305 (string)

}

8 : { »

name : 37351 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/37351 (string)

}

9 : { »

name : SUSE-SA:2009:056 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html (string)

}

10 : { »

name : SUSE-SA:2010:012 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db (string)

}

12 : { »

name : 36150 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/36150 (string)

}

13 : { »

name : [oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/1 (string)

}

14 : { »

name : RHSA-2009:1550 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1550.html (string)

}

15 : { »

name : oval:org.mitre.oval:def:11741 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741 (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa (string)

}

17 : { »

name : 36438 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/36438 (string)

}

18 : { »

name : 9521 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

]

url : http://www.exploit-db.com/exploits/9521 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289 (string)

}

20 : { »

name : SUSE-SA:2009:054 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html (string)

}

21 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c (string)

}

22 : { »

name : 37105 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/37105 (string)

}

23 : { »

name : [oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/2 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2009-3002 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7 (string)

refsource : CONFIRM (string)

url : http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7 (string)

}

1 : { »

name : 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/512019/100/0/threaded (string)

}

2 : { »

name : oval:org.mitre.oval:def:11611 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611 (string)

}

3 : { »

name : RHSA-2009:1540 (string)

refsource : REDHAT (string)

url : https://rhn.redhat.com/errata/RHSA-2009-1540.html (string)

}

4 : { »

name : USN-852-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-852-1 (string)

}

5 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791 (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d392475c873c10c10d6d96b94d092a34ebd4791 (string)

}

6 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17ac2e9c58b69a1e25460a568eae1b0dc0188c25 (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=17ac2e9c58b69a1e25460a568eae1b0dc0188c25 (string)

}

7 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=519305 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=519305 (string)

}

8 : { »

name : 37351 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/37351 (string)

}

9 : { »

name : SUSE-SA:2009:056 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html (string)

}

10 : { »

name : SUSE-SA:2010:012 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html (string)

}

11 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6b97b29513950bfbf621a83d85b6f86b39ec8db (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f6b97b29513950bfbf621a83d85b6f86b39ec8db (string)

}

12 : { »

name : 36150 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/36150 (string)

}

13 : { »

name : [oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2009/08/27/1 (string)

}

14 : { »

name : RHSA-2009:1550 (string)

refsource : REDHAT (string)

url : https://rhn.redhat.com/errata/RHSA-2009-1550.html (string)

}

15 : { »

name : oval:org.mitre.oval:def:11741 (string)

refsource : OVAL (string)

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741 (string)

}

16 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80922bbb12a105f858a8f0abb879cb4302d0ecaa (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=80922bbb12a105f858a8f0abb879cb4302d0ecaa (string)

}

17 : { »

name : 36438 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/36438 (string)

}

18 : { »

name : 9521 (string)

refsource : EXPLOIT-DB (string)

url : http://www.exploit-db.com/exploits/9521 (string)

}

19 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e84b90ae5eb3c112d1f208964df1d8156a538289 (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e84b90ae5eb3c112d1f208964df1d8156a538289 (string)

}

20 : { »

name : SUSE-SA:2009:054 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html (string)

}

21 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=09384dfc76e526c3993c09c42e016372dc9dd22c (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=09384dfc76e526c3993c09c42e016372dc9dd22c (string)

}

22 : { »

name : 37105 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/37105 (string)

}

23 : { »

name : [oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2009/08/27/2 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T06:14:55.183Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7 (string)

}

1 : { »

name : 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/512019/100/0/threaded (string)

}

2 : { »

name : oval:org.mitre.oval:def:11611 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611 (string)

}

3 : { »

name : RHSA-2009:1540 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1540.html (string)

}

4 : { »

name : USN-852-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-852-1 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=519305 (string)

}

8 : { »

name : 37351 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/37351 (string)

}

9 : { »

name : SUSE-SA:2009:056 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html (string)

}

10 : { »

name : SUSE-SA:2010:012 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db (string)

}

12 : { »

name : 36150 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/36150 (string)

}

13 : { »

name : [oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/1 (string)

}

14 : { »

name : RHSA-2009:1550 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1550.html (string)

}

15 : { »

name : oval:org.mitre.oval:def:11741 (string)

tags : [ »

0 : vdb-entry (string)

1 : signature (string)

2 : x_refsource_OVAL (string)

3 : x_transferred (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741 (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa (string)

}

17 : { »

name : 36438 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/36438 (string)

}

18 : { »

name : 9521 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

2 : x_transferred (string)

]

url : http://www.exploit-db.com/exploits/9521 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289 (string)

}

20 : { »

name : SUSE-SA:2009:054 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html (string)

}

21 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c (string)

}

22 : { »

name : 37105 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/37105 (string)

}

23 : { »

name : [oss-security] 20090827 Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/2 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2009-3002 (string)

datePublished : 2009-08-28T15:00:00 (string)

dateReserved : 2009-08-28T00:00:00 (string)

dateUpdated : 2024-08-07T06:14:55.183Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE1BA972-91FE-417F-B0AD-D3067DA8C96F", "versionEndExcluding": "2.6.31", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*", "matchCriteriaId": "2887290A-1B43-4DB9-A9D0-B0B56CD78E48", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*", "matchCriteriaId": "29C4A364-ED36-4AC8-AD1E-8BD18DD9324D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*", "matchCriteriaId": "4049867A-E3B2-4DC1-8966-0477E6A5D582", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*", "matchCriteriaId": "A2507858-675B-4DA2-A49E-00DB54700CF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*", "matchCriteriaId": "0A25EA55-3F1C-440C-A383-0BB9556C9508", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*", "matchCriteriaId": "B2665356-4EF5-4543-AD15-67FDB851DCCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*", "matchCriteriaId": "26E7609B-B058-496D-ACDD-7F69FBDE89E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c."}, {"lang": "es", "value": "El kernel de Linux antes de v2.6.31-rc7 no inicializa ciertas estructuras de datos dentro de las funciones getname, lo que permite a usuarios locales leer el contenido de algunas celdas de memoria del n\u00facleo llamando a getsockname en (1) un socket AF_APPLETALK, relacionado con la funci\u00f3n atalk_getname en net/appletalk/ddp.c; (2) un socket AF_IRDA, relacionado con la funci\u00f3n irda_getname en net/irda/af_irda.c; (3) un socket AF_ECONET, relacionado con la funci\u00f3n econet_getname en net/econet/af_econet.c; (4) un socket AF_NETROM, relacionado con la funci\u00f3n nr_getname en net/netrom/af_netrom.c; (5) un socket AF_ROSE, relacionado con la funci\u00f3n rose_getname en net/rose/af_rose.c, o (6) un raw socket CAN , relacionado con la funci\u00f3n raw_getname en net/can/raw.c."}], "id": "CVE-2009-3002", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-28T15:30:00.703", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36438"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37105"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37351"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/9521"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36150"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519305"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/37351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/9521"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2009/08/27/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/512019/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/36150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-852-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-1550.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols.\n\nThe Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.\n\nThe Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html\n\nThe Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3).\n\nThe Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html\n\nThe raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG  therefore were not affected by issue (6).", "lastModified": "2009-11-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AE1BA972-91FE-417F-B0AD-D3067DA8C96F (string)

versionEndExcluding : 2.6.31 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:* (string)

matchCriteriaId : 2887290A-1B43-4DB9-A9D0-B0B56CD78E48 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:* (string)

matchCriteriaId : 29C4A364-ED36-4AC8-AD1E-8BD18DD9324D (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:* (string)

matchCriteriaId : 4049867A-E3B2-4DC1-8966-0477E6A5D582 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:* (string)

matchCriteriaId : A2507858-675B-4DA2-A49E-00DB54700CF3 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:* (string)

matchCriteriaId : 0A25EA55-3F1C-440C-A383-0BB9556C9508 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:* (string)

matchCriteriaId : B2665356-4EF5-4543-AD15-67FDB851DCCD (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:* (string)

matchCriteriaId : 26E7609B-B058-496D-ACDD-7F69FBDE89E5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* (string)

matchCriteriaId : 5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 4747CC68-FAF4-482F-929A-9DA6C24CB663 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* (string)

matchCriteriaId : A5D026D0-EF78-438D-BEDD-FC8571F3ACEB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. (string)

}

1 : { »

lang : es (string)

value : El kernel de Linux antes de v2.6.31-rc7 no inicializa ciertas estructuras de datos dentro de las funciones getname, lo que permite a usuarios locales leer el contenido de algunas celdas de memoria del núcleo llamando a getsockname en (1) un socket AF_APPLETALK, relacionado con la función atalk_getname en net/appletalk/ddp.c; (2) un socket AF_IRDA, relacionado con la función irda_getname en net/irda/af_irda.c; (3) un socket AF_ECONET, relacionado con la función econet_getname en net/econet/af_econet.c; (4) un socket AF_NETROM, relacionado con la función nr_getname en net/netrom/af_netrom.c; (5) un socket AF_ROSE, relacionado con la función rose_getname en net/rose/af_rose.c, o (6) un raw socket CAN , relacionado con la función raw_getname en net/can/raw.c. (string)

}

]

id : CVE-2009-3002 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:C/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2009-08-28T15:30:00.703 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25 (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791 (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/36438 (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/37105 (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/37351 (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.exploit-db.com/exploits/9521 (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7 (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/1 (string)

}

15 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/2 (string)

}

16 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/512019/100/0/threaded (string)

}

17 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/36150 (string)

}

18 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-852-1 (string)

}

19 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=519305 (string)

}

20 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611 (string)

}

21 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741 (string)

}

22 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1540.html (string)

}

23 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1550.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=09384dfc76e526c3993c09c42e016372dc9dd22c (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=17ac2e9c58b69a1e25460a568eae1b0dc0188c25 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d392475c873c10c10d6d96b94d092a34ebd4791 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80922bbb12a105f858a8f0abb879cb4302d0ecaa (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e84b90ae5eb3c112d1f208964df1d8156a538289 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6b97b29513950bfbf621a83d85b6f86b39ec8db (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/36438 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/37105 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/37351 (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.exploit-db.com/exploits/9521 (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7 (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/1 (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2009/08/27/2 (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/512019/100/0/threaded (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/36150 (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-852-1 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=519305 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11611 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11741 (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1540.html (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://rhn.redhat.com/errata/RHSA-2009-1550.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vendorComments : [ »

0 : { »

comment : CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols. The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively. The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3). The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6). (string)

lastModified : 2009-11-04T00:00:00 (string)

organization : Red Hat (string)

}

]

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2009:1540", "cpe": "cpe:/a:redhat:enterprise_mrg:1::el5", "package": "kernel-rt-0:2.6.24.7-137.el5rt", "product_name": "MRG for RHEL-5", "release_date": "2009-11-03T00:00:00Z"}, {"advisory": "RHSA-2009:1550", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "kernel-0:2.4.21-63.EL", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2009-11-03T00:00:00Z"}], "bugzilla": {"description": "kernel: numerous getname() infoleaks", "id": "519305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519305"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c."], "name": "CVE-2009-3002", "public_date": "2009-08-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-3002\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-3002"], "statement": "CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols.\nThe Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1).\nThe Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2).\nThe Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3).\nThe Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5).\nThe raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6).", "threat_severity": "Important"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2009:1540 (string)

cpe : cpe:/a:redhat:enterprise_mrg:1::el5 (string)

package : kernel-rt-0:2.6.24.7-137.el5rt (string)

product_name : MRG for RHEL-5 (string)

release_date : 2009-11-03T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2009:1550 (string)

cpe : cpe:/o:redhat:enterprise_linux:3 (string)

package : kernel-0:2.4.21-63.EL (string)

product_name : Red Hat Enterprise Linux 3 (string)

release_date : 2009-11-03T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: numerous getname() infoleaks (string)

id : 519305 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=519305 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 2.1 (string)

cvss_scoring_vector : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

status : verified (string)

}

details : [ »

0 : The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. (string)

]

name : CVE-2009-3002 (string)

public_date : 2009-08-23T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2009-3002 https://nvd.nist.gov/vuln/detail/CVE-2009-3002 (string)

]

statement : CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols. The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3). The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6). (string)

threat_severity : Important (string)

}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object