CVE-2009-3002

Impact:
Important
Public Date:
2009-08-23
Bugzilla:
519305: CVE-2009-3001, CVE-2009-3002 kernel: numerous getname() infoleaks

The MITRE CVE dictionary describes this issue as:

The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.

Find out more about CVE-2009-3002 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols.

The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.

The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html

The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3).

The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html

The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6).

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (kernel) RHSA-2009:1550 2009-11-03
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2009:1540 2009-11-03
Last Modified

CVE description copyright © 2017, The MITRE Corporation