CVE-2009-1897

Loading...

General

Score:6.9/10.0
Severity:Medium
Category:Buffer Error
Exploit:Available

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Local
Access Complexity:Medium
Authentication:None

Published on 20/07/09 - Updated on 17/08/17

Description

The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2009-1897

Exploits

Exploit-DBEDB-33088, EDB-9191

Relative technologies

VendorProduct
linuxlinux_kernel

Share this vulnerability with:

Twitter Facebook LinkedIn Mail