Computer Security

CVE-2009-1897
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2009-1897
StatusUNKNOWN
DescriptionThe tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
SeverityMedium
CVSS score6,9
CVSS vector(AV:L/AC:M/Au:N/C:C/I:C/A:C)
PhaseASSIGNED (20.07.2009)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1897
ReferencesCONFIRM : http://git.kernel.org/?p=linux/kernel/git/torvalds...
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=512284
 FULLDISC : 20090716 Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
 FULLDISC : 20090716 Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
 MISC : http://grsecurity.net/~spender/cheddar_bay.tgz
 MISC : http://isc.sans.org/diary.html?storyid=6820
 MLIST : [linux-kernel] 20090706 Re: PROBLEM: tun/tap crashes if open() /dev/net/tun and then poll() it.
 MLIST : [netdev] 20090409 Oops in tun: bisected to Limit amount of queued packets per device
 MLIST : [oss-security] 20090717 Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
 SECUNIA : 35839
 VUPEN : ADV-2009-1925
 XF : linux-kernel-tunchrpoll-code-execution(51803)
SecurityVulns:Linux kernel privilege escalation
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server