
CVE-2009-1186

Published: 17/04/2009 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev prior to 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.


Vulnerable Product

udev project udev

opensuse opensuse 11.1

opensuse opensuse 11.0

opensuse opensuse 10.3

suse linux enterprise server 10

suse linux enterprise desktop 10

suse linux enterprise server 11

suse linux enterprise desktop 11

suse linux enterprise debuginfo 10

suse linux enterprise debuginfo 11

debian debian linux 5.0

debian debian linux 4.0

canonical ubuntu linux 7.10

canonical ubuntu linux 8.10

canonical ubuntu linux 8.04

canonical ubuntu linux 6.06

fedoraproject fedora 10

fedoraproject fedora 9

Vendor Advisories

Sebastian Krahmer discovered that udev did not correctly validate netlink message senders. A local attacker could send specially crafted messages to udev in order to gain root privileges (CVE-2009-1185) ...
Sebastian Krahmer discovered two vulnerabilities in udev, the /dev and hotplug management daemon. CVE-2009-1185: udev does not check the origin of NETLINK messages, allowing local users to gain root privileges. CVE-2009-1186: udev suffers from a buffer overflow condition in path encoding, potentially allowing arbitrary code execution ...