CVE-2009-1185

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 17-04-2009 04:30

Last modified: - 03-06-2022 05:05

Total changes: - 2

Description

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

7.2

Base score

3.9

10.0

Exploitability score

Impact score

Verification logic

vendor=udev_project AND product=udev AND versionEndExcluding=141

vendor=opensuse AND product=opensuse AND version=11.1

vendor=opensuse AND product=opensuse AND version=11.0

vendor=opensuse AND product=opensuse AND version=10.3

vendor=suse AND product=linux_enterprise_server AND version=10 AND update=sp2

vendor=suse AND product=linux_enterprise_desktop AND version=10 AND update=sp2

vendor=suse AND product=linux_enterprise_server AND version=11 AND update=-

vendor=suse AND product=linux_enterprise_desktop AND version=11 AND update=-

vendor=suse AND product=linux_enterprise_debuginfo AND version=10 AND update=sp2

vendor=suse AND product=linux_enterprise_debuginfo AND version=11 AND update=-

vendor=Debian AND product=debian_linux AND version=5.0

vendor=Debian AND product=debian_linux AND version=4.0

vendor=canonical AND product=ubuntu_linux AND version=7.10

vendor=canonical AND product=ubuntu_linux AND version=8.10

vendor=canonical AND product=ubuntu_linux AND version=8.04 AND software_edition=-

vendor=canonical AND product=ubuntu_linux AND version=6.06

vendor=fedoraproject AND product=fedora AND version=10

vendor=fedoraproject AND product=fedora AND version=9

vendor=juniper AND product=ctpview AND versionEndExcluding=7.1

vendor=juniper AND product=ctpview AND version=7.1 AND update=-

vendor=juniper AND product=ctpview AND version=7.1 AND update=r1

vendor=juniper AND product=ctpview AND version=7.2 AND update=-

Reference

34731-Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=495051
http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e2b362d9f23d4c63018709ab5f81a02f72b91e75
34536-Third Party Advisory, VDB Entry
https://launchpad.net/bugs/cve/2009-1185
USN-758-1-Third Party Advisory
http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=e86a923d508c2aed371cdd958ce82489cf2ab615
34753-Not Applicable
34750-Not Applicable
DSA-1772-Third Party Advisory
SSA:2009-111-01-Mailing List, Third Party Advisory
ADV-2009-1053-Permissions Required
1022067-Broken Link, Third Party Advisory, VDB Entry
GLSA-200904-18-Third Party Advisory
34785-Not Applicable
34771-Not Applicable
FEDORA-2009-3712-Mailing List, Third Party Advisory
FEDORA-2009-3711-Mailing List, Third Party Advisory
SUSE-SA:2009:025-Mailing List, Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0063
34801-Not Applicable
SUSE-SA:2009:020-Mailing List, Third Party Advisory
34787-Not Applicable
MDVSA-2009:104-Broken Link
MDVSA-2009:103-Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063
34776-Not Applicable
RHSA-2009:0427-Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
ADV-2009-1865-Permissions Required
[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl-Third Party Advisory
35766-Not Applicable
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
8572-Exploit, Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:5975-Third Party Advisory
oval:org.mitre.oval:def:10925-Broken Link
20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl-Third Party Advisory, VDB Entry
20090417 rPSA-2009-0063-1 udev-Third Party Advisory, VDB Entry

Keywords

CVE-2009-1185

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1185

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures