CVE-2009-1897
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2009-1897 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1897
The flaw only affects the Red Hat Enterprise Linux 5.4 beta kernel, which includes a backport of the upstream bug fix introducing this flaw (git commit 33dccbb0). This issue did not affect the final released Red Hat Enterprise Linux 5.4 kernel. It is also possible to mitigate this flaw by ensuring that the permissions for /dev/net/tun is restricted to root only.
This issue does not affect any other released kernel in any Red Hat product.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 6.9 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
CVE description copyright © 2017, The MITRE Corporation
