CVE-2009-3002

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-3002 at MITRE

Description

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

NVD CVSS v2 Base Score: 4.9 (AV:L/AC:L/Au:N/C:C/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 534372, 535707

SUSE Security Advisories:

SUSE-SA:2009:051, published Mon, 02 Nov 2009 15:00:00 +0000
SUSE-SA:2009:054, published Wed, 11 Nov 2009 15:00:00 +0000
SUSE-SA:2009:056, published Mon, 16 Nov 2009 13:00:00 +0000
SUSE-SA:2010:012, published Mon, 15 Feb 2010 16:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.37_0.1-2.1.18` `cluster-network-kmp-pae >= 1.4_2.6.27.37_0.1-2.1.18` `cluster-network-kmp-xen >= 1.4_2.6.27.37_0.1-2.1.18`	sle11-debuginfo.x86 sles11.x86 sle11-hae.x86 sled11.x86 sle11-sdk.x86 SAT Patch Nr: 1413
Novell Linux Desktop 9 for x86_64	`kernel-default >= 2.6.5-7.321` `kernel-smp >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321`	sles9-nld.x86-64 YOU Patch Nr: 12547
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IPF	`kernel-debug-debuginfo >= 2.6.16.60-0.42.7` `kernel-default-debuginfo >= 2.6.16.60-0.42.7` `kernel-source-debuginfo >= 2.6.16.60-0.42.7`	sles10-sp2-debuginfo.ia64 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6633
SUSE Linux Enterprise Server 10 SP2 for IPF	`kernel-debug >= 2.6.16.60-0.42.7` `kernel-default >= 2.6.16.60-0.42.7` `kernel-source >= 2.6.16.60-0.42.7` `kernel-syms >= 2.6.16.60-0.42.7`	sles10-sp2-debuginfo.ia64 sle10-sp2-sdk.ia64 sles10-sp2.ia64 ZYPP Patch Nr: 6633
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit	`kernel-default-debuginfo >= 2.6.16.60-0.42.7`	sles10-sp2-debuginfo.s390x sles10-sp2.s390x ZYPP Patch Nr: 6635
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`kernel-default >= 2.6.16.60-0.42.7` `kernel-source >= 2.6.16.60-0.42.7` `kernel-syms >= 2.6.16.60-0.42.7`	sles10-sp2-debuginfo.s390x sles10-sp2.s390x ZYPP Patch Nr: 6635
SUSE CORE 9 for IBM S/390 31bit	`kernel-s390 >= 2.6.5-7.321` `kernel-s390-debug >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321`	core9.s390 YOU Patch Nr: 12544
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.37_0.1-2.1.18`	sle11-debuginfo.ia64 sles11.ia64 sle11-hae.ia64 SAT Patch Nr: 1409
Novell Linux POS 9 SUSE CORE 9 for x86	`kernel-bigsmp >= 2.6.5-7.321` `kernel-debug >= 2.6.5-7.321` `kernel-default >= 2.6.5-7.321` `kernel-smp >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321` `kernel-um >= 2.6.5-7.321` `kernel-xen >= 2.6.5-7.321` `kernel-xenpae >= 2.6.5-7.321` `um-host-install-initrd >= 1.0-48.34` `um-host-kernel >= 2.6.5-7.321` `xen-kmp >= 3.0.4_2.6.5_7.321-0.2`	core9.x86 sles9-nlpos.x86 YOU Patch Nr: 12541
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.37_0.1-2.1.18` `cluster-network-kmp-xen >= 1.4_2.6.27.37_0.1-2.1.18`	sle11-hae.x86-64 sle11-debuginfo.x86-64 sled11.x86-64 sle11-sdk.x86-64 sles11.x86-64 SAT Patch Nr: 1412
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.37_0.1-2.1.18`	sle11-debuginfo.s390x sle11-hae.s390x sles11.s390x SAT Patch Nr: 1410
SUSE CORE 9 for Itanium Processor Family	`kernel-64k-pagesize >= 2.6.5-7.321` `kernel-debug >= 2.6.5-7.321` `kernel-default >= 2.6.5-7.321` `kernel-sn2 >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321`	core9.ia64 YOU Patch Nr: 12542
SUSE CORE 9 for IBM zSeries 64bit	`kernel-s390x >= 2.6.5-7.321` `kernel-s390x-debug >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321`	core9.s390x YOU Patch Nr: 12545
SUSE CORE 9 for IBM POWER	`kernel-default >= 2.6.5-7.321` `kernel-iseries64 >= 2.6.5-7.321` `kernel-pmac64 >= 2.6.5-7.321` `kernel-pseries64 >= 2.6.5-7.321` `kernel-smp >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321`	core9.ppc YOU Patch Nr: 12543
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM POWER	`kernel-default-debuginfo >= 2.6.16.60-0.42.7` `kernel-iseries64-debuginfo >= 2.6.16.60-0.42.7` `kernel-kdump-debuginfo >= 2.6.16.60-0.42.7` `kernel-ppc64-debuginfo >= 2.6.16.60-0.42.7`	sles10-sp2.ppc sles10-sp2-debuginfo.ppc sle10-sp2-sdk.ppc ZYPP Patch Nr: 6634
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`kernel-default >= 2.6.16.60-0.42.7` `kernel-iseries64 >= 2.6.16.60-0.42.7` `kernel-kdump >= 2.6.16.60-0.42.7` `kernel-ppc64 >= 2.6.16.60-0.42.7` `kernel-source >= 2.6.16.60-0.42.7` `kernel-syms >= 2.6.16.60-0.42.7`	sles10-sp2.ppc sles10-sp2-debuginfo.ppc sle10-sp2-sdk.ppc ZYPP Patch Nr: 6634
SUSE CORE 9 for AMD64 and Intel EM64T	`kernel-default >= 2.6.5-7.321` `kernel-smp >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321` `kernel-xen >= 2.6.5-7.321` `xen-kmp >= 3.0.4_2.6.5_7.321-0.2`	core9.x86-64 YOU Patch Nr: 12546
SUSE Linux Enterprise Desktop 10 SP2 for x86	`kernel-bigsmp >= 2.6.16.60-0.42.7` `kernel-default >= 2.6.16.60-0.42.7` `kernel-smp >= 2.6.16.60-0.42.7` `kernel-source >= 2.6.16.60-0.42.7` `kernel-syms >= 2.6.16.60-0.42.7` `kernel-xen >= 2.6.16.60-0.42.7` `kernel-xenpae >= 2.6.16.60-0.42.7`	sled10-sp2.x86 sle10-sp2-sdk.x86 sles10-sp2.x86 sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 6632
SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`kernel-bigsmp-debuginfo >= 2.6.16.60-0.42.7` `kernel-debug-debuginfo >= 2.6.16.60-0.42.7` `kernel-default-debuginfo >= 2.6.16.60-0.42.7` `kernel-kdump-debuginfo >= 2.6.16.60-0.42.7` `kernel-smp-debuginfo >= 2.6.16.60-0.42.7` `kernel-source-debuginfo >= 2.6.16.60-0.42.7` `kernel-xen-debuginfo >= 2.6.16.60-0.42.7` `kernel-xenpae-debuginfo >= 2.6.16.60-0.42.7`	sled10-sp2.x86 sle10-sp2-sdk.x86 sles10-sp2.x86 sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 6632
SUSE Linux Enterprise Server 10 SP2 for x86	`kernel-bigsmp >= 2.6.16.60-0.42.7` `kernel-debug >= 2.6.16.60-0.42.7` `kernel-default >= 2.6.16.60-0.42.7` `kernel-kdump >= 2.6.16.60-0.42.7` `kernel-smp >= 2.6.16.60-0.42.7` `kernel-source >= 2.6.16.60-0.42.7` `kernel-syms >= 2.6.16.60-0.42.7` `kernel-vmi >= 2.6.16.60-0.42.7` `kernel-vmipae >= 2.6.16.60-0.42.7` `kernel-xen >= 2.6.16.60-0.42.7` `kernel-xenpae >= 2.6.16.60-0.42.7`	sled10-sp2.x86 sle10-sp2-sdk.x86 sles10-sp2.x86 sles10-sp2-debuginfo.x86 ZYPP Patch Nr: 6632
SUSE CORE 9 for AMD64 and Intel EM64T	`kernel-default >= 2.6.5-7.329.TDC` `kernel-smp >= 2.6.5-7.329.TDC` `kernel-source >= 2.6.5-7.329.TDC` `kernel-syms >= 2.6.5-7.329.TDC` `xen-kmp >= 3.0.4_2.6.5_7.329.TDC_-0.3`	Builds YOU Patch Nr: 12814
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`kernel-default >= 2.6.16.60-0.42.7` `kernel-smp >= 2.6.16.60-0.42.7` `kernel-source >= 2.6.16.60-0.42.7` `kernel-syms >= 2.6.16.60-0.42.7` `kernel-xen >= 2.6.16.60-0.42.7`	sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.x86-64 ZYPP Patch Nr: 6636
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T	`kernel-debug-debuginfo >= 2.6.16.60-0.42.7` `kernel-default-debuginfo >= 2.6.16.60-0.42.7` `kernel-kdump-debuginfo >= 2.6.16.60-0.42.7` `kernel-smp-debuginfo >= 2.6.16.60-0.42.7` `kernel-source-debuginfo >= 2.6.16.60-0.42.7` `kernel-xen-debuginfo >= 2.6.16.60-0.42.7`	sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.x86-64 ZYPP Patch Nr: 6636
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T	`kernel-debug >= 2.6.16.60-0.42.7` `kernel-default >= 2.6.16.60-0.42.7` `kernel-kdump >= 2.6.16.60-0.42.7` `kernel-smp >= 2.6.16.60-0.42.7` `kernel-source >= 2.6.16.60-0.42.7` `kernel-syms >= 2.6.16.60-0.42.7` `kernel-xen >= 2.6.16.60-0.42.7`	sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.x86-64 sles10-sp2-debuginfo.x86-64 ZYPP Patch Nr: 6636
SUSE Linux Enterprise High Availability Extension 11	`cluster-network-kmp-default >= 1.4_2.6.27.37_0.1-2.1.18`	sles11.ppc sle11-debuginfo.ppc sle11-hae.ppc SAT Patch Nr: 1411
Novell Linux Desktop 9 for x86	`kernel-bigsmp >= 2.6.5-7.321` `kernel-default >= 2.6.5-7.321` `kernel-smp >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321`	sles9-nld.x86 sles9-oes.x86 YOU Patch Nr: 12548
Open Enterprise Server	`kernel-bigsmp >= 2.6.5-7.321` `kernel-debug >= 2.6.5-7.321` `kernel-default >= 2.6.5-7.321` `kernel-smp >= 2.6.5-7.321` `kernel-source >= 2.6.5-7.321` `kernel-syms >= 2.6.5-7.321` `kernel-um >= 2.6.5-7.321` `kernel-xen >= 2.6.5-7.321` `kernel-xenpae >= 2.6.5-7.321` `um-host-install-initrd >= 1.0-48.34` `um-host-kernel >= 2.6.5-7.321` `xen-kmp >= 3.0.4_2.6.5_7.321-0.2`	sles9-nld.x86 sles9-oes.x86 YOU Patch Nr: 12548

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute