CVE-2009-1185

Impact: Important
Public Date: 2009-04-15
CWE: CWE-862
Bugzilla: 495051: CVE-2009-1185 udev: Uncheck origin of NETLINK messages

The MITRE CVE dictionary describes this issue as:

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
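
The missing origin check described above, written as receiver-side validation for a uevent listener. This is an added example, not code from udev or from the Red Hat erratum; the function and enum names are hypothetical. The rules it applies (a kernel sender has nl_pid 0, uevents arrive on a multicast group, SO_PASSCRED credentials show uid 0) are general Linux netlink behaviour, not details taken from this page.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Verdicts for one received datagram (names are illustrative). */
enum nl_verdict { NL_ACCEPT, NL_BAD_ADDR, NL_FROM_USERSPACE, NL_NOT_MULTICAST, NL_BAD_CREDS };

/*
 * Decide whether a datagram read from a NETLINK_KOBJECT_UEVENT socket may be
 * treated as a kernel uevent.
 *   src, src_len : sender address filled in by recvmsg() (msg_name/msg_namelen)
 *   have_creds   : true if an SCM_CREDENTIALS control message was attached
 *   cred_uid     : uid from that control message (socket needs SO_PASSCRED)
 */
enum nl_verdict check_uevent_origin(const struct sockaddr_nl *src, socklen_t src_len,
                                    bool have_creds, uid_t cred_uid)
{
    if (src == NULL || src_len != sizeof(*src) || src->nl_family != AF_NETLINK)
        return NL_BAD_ADDR;
    /* The kernel sends with port id 0; any other value is a user process. */
    if (src->nl_pid != 0)
        return NL_FROM_USERSPACE;
    /* Kernel uevents are broadcast to a multicast group, not sent unicast. */
    if (src->nl_groups == 0)
        return NL_NOT_MULTICAST;
    /* Kernel-originated messages carry uid 0 (initial user namespace). */
    if (!have_creds || cred_uid != 0)
        return NL_BAD_CREDS;
    return NL_ACCEPT;
}

/* Constructed sample sender address, for demonstration only. */
struct sockaddr_nl make_sender(unsigned int pid, unsigned int groups)
{
    struct sockaddr_nl a = { .nl_family = AF_NETLINK, .nl_pid = pid, .nl_groups = groups };
    return a;
}

int main(void)
{
    struct sockaddr_nl kernel = make_sender(0, 1), proc = make_sender(4242, 0);
    printf("kernel multicast: %d\n", check_uevent_origin(&kernel, sizeof(kernel), true, 0));
    printf("local process:    %d\n", check_uevent_origin(&proc, sizeof(proc), true, 1000));
    return 0;
}
```

A daemon would run this check on every datagram before parsing the payload and drop anything that does not return NL_ACCEPT.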

Find out more about CVE-2009-1185 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue has been fixed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2009-0427.html . udev packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw, as they do not use netlink sockets for communication. udev is not shipped in Red Hat Enterprise Linux 2.1 and 3.

CVSS v2 metrics

Base Score: 7.2
Base Metrics: AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform: Red Hat Enterprise Linux 5 (udev)
Errata: RHSA-2009:0427
Release Date: 2009-04-16

Acknowledgements

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw.

CVE description copyright © 2017, The MITRE Corporation