CVE-2009-1185 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2009-1185

CVE-2009-1185

April 17, 2009

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Related Resources (41)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5975

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://secunia.com/advisories/34771

http://www.securitytracker.com/id?1022067

http://www.vupen.com/english/advisories/2009/1865

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html

http://www.vmware.com/security/advisories/VMSA-2009-0009.html

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063

http://www.securityfocus.com/bid/34536

http://lists.vmware.com/pipermail/security-announce/2009/000060.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html

http://secunia.com/advisories/34750

http://secunia.com/advisories/34776

http://secunia.com/advisories/34731

http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml

http://wiki.rpath.com/Advisories:rPSA-2009-0063

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399

http://www.redhat.com/support/errata/RHSA-2009-0427.html

http://secunia.com/advisories/34753

http://secunia.com/advisories/35766

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10925

http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75

http://secunia.com/advisories/34787

http://secunia.com/advisories/34801

https://launchpad.net/bugs/cve/2009-1185

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html

http://secunia.com/advisories/34785

http://www.mandriva.com/security/advisories?name=MDVSA-2009:104

http://www.securityfocus.com/archive/1/504849/100/0/threaded

http://www.mandriva.com/security/advisories?name=MDVSA-2009:103

http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615

http://www.vupen.com/english/advisories/2009/1053

https://access.redhat.com/security/cve/CVE-2009-1185

http://www.debian.org/security/2009/dsa-1772

https://www.exploit-db.com/exploits/8572

https://bugzilla.redhat.com/show_bug.cgi?id=495051

https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1185

http://www.ubuntu.com/usn/usn-758-1

http://www.securityfocus.com/archive/1/502752/100/0/threaded

Do you need more information?

CVSS v4

Base Score:

8.6

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

CVSS v2

Base Score:

7.2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

Weakness Type (CWE)

Origin Validation Error

CWE-346

EPSS

Base Score:

89.51

Products

Solutions

Resources

Company

Compare

Developer Tools