CVE-2009-0835

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-0835 at MITRE

Description

The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.

NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 483820

SUSE Security Advisories:

SUSE-SA:2009:021, published Thu, 16 Apr 2009 15:00:00 +0000
SUSE-SA:2009:028, published Wed, 20 May 2009 18:00:00 +0000
SUSE-SA:2009:030, published Mon, 08 Jun 2009 18:00:00 +0000
SUSE-SA:2009:031, published Mon, 09 Jun 2009 09:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-ppc64 >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-ppc64 >= 1.4_2.6.27.21_0.1-4.1.2`	sles11.ppc sle11-debuginfo.ppc SAT Patch Nr: 725
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER	`kernel-default-debuginfo >= 2.6.16.60-0.39.3` `kernel-iseries64-debuginfo >= 2.6.16.60-0.39.3` `kernel-kdump-debuginfo >= 2.6.16.60-0.39.3` `kernel-ppc64-debuginfo >= 2.6.16.60-0.39.3`	sles10-sp2.ppc sles10-sp2-debuginfo.ppc sle10-sp2-sdk.ppc ZYPP Patch Nr: 6235
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`kernel-default >= 2.6.16.60-0.39.3` `kernel-iseries64 >= 2.6.16.60-0.39.3` `kernel-kdump >= 2.6.16.60-0.39.3` `kernel-ppc64 >= 2.6.16.60-0.39.3` `kernel-source >= 2.6.16.60-0.39.3` `kernel-syms >= 2.6.16.60-0.39.3`	sles10-sp2.ppc sles10-sp2-debuginfo.ppc sle10-sp2-sdk.ppc ZYPP Patch Nr: 6235
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2`	sle11-debuginfo.ia64 sles11.ia64 SAT Patch Nr: 714
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2`	sle11-debuginfo.s390x sles11.s390x SAT Patch Nr: 716
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-xen >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-xen >= 1.4_2.6.27.21_0.1-4.1.2`	sle11-debuginfo.x86-64 sles11.x86-64 sled11.x86-64 SAT Patch Nr: 715
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF	`kernel-debug-debuginfo >= 2.6.16.60-0.39.3` `kernel-default-debuginfo >= 2.6.16.60-0.39.3` `kernel-source-debuginfo >= 2.6.16.60-0.39.3`	sle10-sp2-sdk.ia64 sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6234
SUSE Linux Enterprise Server 10 SP2 for IPF	`kernel-debug >= 2.6.16.60-0.39.3` `kernel-default >= 2.6.16.60-0.39.3` `kernel-source >= 2.6.16.60-0.39.3` `kernel-syms >= 2.6.16.60-0.39.3`	sle10-sp2-sdk.ia64 sles10-sp2-debuginfo.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6234
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-pae >= 1.4_2.6.27.21_0.1-2.1.2` `cluster-network-kmp-xen >= 1.4_2.6.27.21_0.1-2.1.2` `ocfs2-kmp-default >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-pae >= 1.4_2.6.27.21_0.1-4.1.2` `ocfs2-kmp-xen >= 1.4_2.6.27.21_0.1-4.1.2`	sled11.x86 sle11-debuginfo.x86 sles11.x86 SAT Patch Nr: 713
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`kernel-default >= 2.6.16.60-0.39.3` `kernel-smp >= 2.6.16.60-0.39.3` `kernel-source >= 2.6.16.60-0.39.3` `kernel-syms >= 2.6.16.60-0.39.3` `kernel-xen >= 2.6.16.60-0.39.3`	sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6236
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T	`kernel-debug-debuginfo >= 2.6.16.60-0.39.3` `kernel-default-debuginfo >= 2.6.16.60-0.39.3` `kernel-kdump-debuginfo >= 2.6.16.60-0.39.3` `kernel-smp-debuginfo >= 2.6.16.60-0.39.3` `kernel-source-debuginfo >= 2.6.16.60-0.39.3` `kernel-xen-debuginfo >= 2.6.16.60-0.39.3`	sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6236
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T	`kernel-debug >= 2.6.16.60-0.39.3` `kernel-default >= 2.6.16.60-0.39.3` `kernel-kdump >= 2.6.16.60-0.39.3` `kernel-smp >= 2.6.16.60-0.39.3` `kernel-source >= 2.6.16.60-0.39.3` `kernel-syms >= 2.6.16.60-0.39.3` `kernel-xen >= 2.6.16.60-0.39.3`	sles10-sp2-debuginfo.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.x86-64 sled10-sp2.x86-64 ZYPP Patch Nr: 6236
SUSE Linux Enterprise Desktop 10 SP2 for x86	`kernel-bigsmp >= 2.6.16.60-0.39.3` `kernel-default >= 2.6.16.60-0.39.3` `kernel-smp >= 2.6.16.60-0.39.3` `kernel-source >= 2.6.16.60-0.39.3` `kernel-syms >= 2.6.16.60-0.39.3` `kernel-xen >= 2.6.16.60-0.39.3` `kernel-xenpae >= 2.6.16.60-0.39.3`	sled10-sp2.x86 sles10-sp2-debuginfo.x86 sles10-sp2.x86 sle10-sp2-sdk.x86 ZYPP Patch Nr: 6237
SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`kernel-bigsmp-debuginfo >= 2.6.16.60-0.39.3` `kernel-debug-debuginfo >= 2.6.16.60-0.39.3` `kernel-default-debuginfo >= 2.6.16.60-0.39.3` `kernel-kdump-debuginfo >= 2.6.16.60-0.39.3` `kernel-smp-debuginfo >= 2.6.16.60-0.39.3` `kernel-source-debuginfo >= 2.6.16.60-0.39.3` `kernel-xen-debuginfo >= 2.6.16.60-0.39.3` `kernel-xenpae-debuginfo >= 2.6.16.60-0.39.3`	sled10-sp2.x86 sles10-sp2-debuginfo.x86 sles10-sp2.x86 sle10-sp2-sdk.x86 ZYPP Patch Nr: 6237
SUSE Linux Enterprise Server 10 SP2 for x86	`kernel-bigsmp >= 2.6.16.60-0.39.3` `kernel-debug >= 2.6.16.60-0.39.3` `kernel-default >= 2.6.16.60-0.39.3` `kernel-kdump >= 2.6.16.60-0.39.3` `kernel-smp >= 2.6.16.60-0.39.3` `kernel-source >= 2.6.16.60-0.39.3` `kernel-syms >= 2.6.16.60-0.39.3` `kernel-vmi >= 2.6.16.60-0.39.3` `kernel-vmipae >= 2.6.16.60-0.39.3` `kernel-xen >= 2.6.16.60-0.39.3` `kernel-xenpae >= 2.6.16.60-0.39.3`	sled10-sp2.x86 sles10-sp2-debuginfo.x86 sles10-sp2.x86 sle10-sp2-sdk.x86 ZYPP Patch Nr: 6237
openSUSE 10.3	`kernel-bigsmp >= 2.6.22.19-0.3` `kernel-debug >= 2.6.22.19-0.3` `kernel-default >= 2.6.22.19-0.3` `kernel-kdump >= 2.6.22.19-0.3` `kernel-ppc64 >= 2.6.22.19-0.3` `kernel-source >= 2.6.22.19-0.3` `kernel-syms >= 2.6.22.19-0.3` `kernel-xen >= 2.6.22.19-0.3` `kernel-xenpae >= 2.6.22.19-0.3`
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit	`kernel-default-debuginfo >= 2.6.16.60-0.39.3`	sles10-sp2.s390x sles10-sp2-debuginfo.s390x ZYPP Patch Nr: 6238
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`kernel-default >= 2.6.16.60-0.39.3` `kernel-source >= 2.6.16.60-0.39.3` `kernel-syms >= 2.6.16.60-0.39.3`	sles10-sp2.s390x sles10-sp2-debuginfo.s390x ZYPP Patch Nr: 6238

List of products where fixes are in QA

SUSE Linux Enterprise High Availability Extension 11

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute