Upstream information

CVE-2009-3002 at MITRE

Description

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.9
Vector AV:L/AC:L/Au:N/C:C/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact None
Availability Impact None
SUSE Bugzilla entries: 534372 [RESOLVED / FIXED], 535707 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server for SAP Applications 11
  • ext4dev-kmp-default >= 0_2.6.27.37_0.1-7.1.18
  • ext4dev-kmp-pae >= 0_2.6.27.37_0.1-7.1.18
  • ext4dev-kmp-ppc64 >= 0_2.6.27.37_0.1-7.1.18
  • ext4dev-kmp-vmi >= 0_2.6.27.37_0.1-7.1.18
  • ext4dev-kmp-xen >= 0_2.6.27.37_0.1-7.1.18
  • iscsitarget-kmp-default >= 0.4.15_2.6.27.54_0.2-94.14.8
  • kernel-default >= 2.6.27.37-0.1.1
  • kernel-default-base >= 2.6.27.37-0.1.1
  • kernel-default-man >= 2.6.27.37-0.1.1
  • kernel-kdump >= 2.6.27.37-0.1.1
  • kernel-pae >= 2.6.27.37-0.1.1
  • kernel-pae-base >= 2.6.27.37-0.1.1
  • kernel-ppc64 >= 2.6.27.37-0.1.1
  • kernel-ppc64-base >= 2.6.27.37-0.1.1
  • kernel-source >= 2.6.27.37-0.1.1
  • kernel-syms >= 2.6.27.37-0.1.1
  • kernel-vmi >= 2.6.27.37-0.1.1
  • kernel-vmi-base >= 2.6.27.37-0.1.1
  • kernel-xen >= 2.6.27.37-0.1.1
  • kernel-xen-base >= 2.6.27.37-0.1.1
  • oracleasm-kmp-default >= 2.0.5_2.6.27.54_0.2-7.9.1
Patchnames:
slessp0-kernel


SUSE Timeline for this CVE

CVE page created: Fri Jun 28 07:00:06 2013
CVE page last modified: Fri Dec 8 16:34:32 2023