QwikSec

Security Database

CVE

CWE

Training

CVE-2009-2692

Published: Aug 14, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

mailing-list

x_refsource_BUGTRAQ

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations

mailing-list

x_refsource_FULLDISC

https://bugzilla.redhat.com/show_bug.cgi?id=516949

x_refsource_CONFIRM

https://issues.rpath.com/browse/RPL-3103

x_refsource_CONFIRM

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_VUPEN

SUSE-SR:2009:015

vendor-advisory

x_refsource_SUSE

20090813 Linux NULL pointer dereference due to incorrect proto_ops initializations

mailing-list

x_refsource_BUGTRAQ

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

http://support.avaya.com/css/P8/documents/100067254

x_refsource_CONFIRM

http://grsecurity.net/~spender/wunderbar_emporium.tgz

x_refsource_MISC

oval:org.mitre.oval:def:11591

vdb-entry

signature

x_refsource_OVAL

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3

x_refsource_CONFIRM

oval:org.mitre.oval:def:11526

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_MANDRIVA

exploit

x_refsource_EXPLOIT-DB

http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html

x_refsource_MISC

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6

x_refsource_CONFIRM

oval:org.mitre.oval:def:8657

vdb-entry

signature

x_refsource_OVAL

[oss-security] 20090814 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

20090818 rPSA-2009-0121-1 kernel open-vm-tools

mailing-list

x_refsource_BUGTRAQ

http://zenthought.org/content/file/android-root-2009-08-16-source

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.