CVE-2009-2698

Published: 27/08/2009 Updated: 28/12/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 736
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel prior to 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

Vulnerable Product

linux linux kernel

canonical ubuntu linux 6.06

canonical ubuntu linux 9.04

canonical ubuntu linux 8.04

canonical ubuntu linux 8.10

suse linux enterprise server 9

suse linux enterprise server 10

suse linux enterprise desktop 10

fedoraproject fedora 10

redhat enterprise linux server 5.0

redhat enterprise linux workstation 5.0

redhat enterprise linux desktop 4.0

redhat enterprise linux desktop 5.0

redhat enterprise linux server 4.0

redhat enterprise linux workstation 4.0

redhat enterprise linux server aus 5.3

redhat enterprise linux eus 5.3

redhat enterprise linux eus 4.8

vmware esxi 4.0

vmware vcenter server 4.0

Vendor Advisories

Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-1883) ...

Exploits

/*********************************************************** * hoagie_udp_sendmsg.c * LOCAL LINUX KERNEL ROOT EXPLOIT (< 2.6.19) - CVE-2009-2698 * * udp_sendmsg bug exploit via (*output) callback function * used in dst_entry / rtable * * Bug reported by Tavis Ormandy and Julien Tinnes * of the Google Security Team * * Tested with Debi ...
/* ** ** 0x82-CVE-2009-2698 ** Linux kernel 2.6 < 2.6.19 (32bit) ip_append_data() local ring0 root exploit ** ** Tested White Box 4(2.6.9-5.ELsmp), ** CentOS 4.4(2.6.9-42.ELsmp), CentOS 4.5(2.6.9-55.ELsmp), ** Fedora Core 4(2.6.11-1.1369_FC4smp), Fedora Core 5(2.6.15-1.2054_FC5), ** Fedora Core 6(2.6.18-1.2798.fc6) ** ** -- ** Discovered by Tav ...
/* second verse, same as the first CVE-2009-2698 udp_sendmsg(), x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ;) use ./therebel.sh for everything At this moment, when each of us must fit an arrow to his bow and ente ...
Linux 2.6 kernel versions below 2.6.19 32bit ip_append_data() ring0 root exploit ...
Linux 2.6 kernels prior to version 2.6.19 udp_sendmsg local root exploit ...

Github Repositories

CVE-2009-2698 compiled for CentOS 4.8

github.com/SecWiki/linux-kernel-exploits/tree/4dca098e7491efc83903494d7c00f24c843aae99/2009/CVE-2009-2698

Detail

[hacker@localhost ~]$ id
uid=500(hacker) gid=500(hacker) groups=500(hacker) context=user_u:system_r:unconfined_t
[hacker@localhost ~]$ gcc 36108.c -o exp
[hacker@localhost ~]$ ./exp
sh-3.00# id
uid=0(root

Some kernel exploits I wrote

Some kernel exploits I wrote: CVE-2009-2692-sock_sendpage.c, CVE-2009-2698-udp_sendmsg.c, Intel_sysret.c, can_bcm_exp.c, csaw.c, nfs_mount.c, perf_exp.c, perf_stack.c

References

CWE-476
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19
http://secunia.com/advisories/36430
http://rhn.redhat.com/errata/RHSA-2009-1222.html
https://bugzilla.redhat.com/show_bug.cgi?id=518034
http://secunia.com/advisories/23073
http://www.securitytracker.com/id?1022761
http://www.openwall.com/lists/oss-security/2009/08/25/1
http://secunia.com/advisories/36510
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html
http://www.securityfocus.com/bid/36108
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://support.avaya.com/css/P8/documents/100067254
http://www.vupen.com/english/advisories/2009/3316
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://secunia.com/advisories/37471
http://secunia.com/advisories/37298
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://secunia.com/advisories/37105
http://www.ubuntu.com/usn/USN-852-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514
http://www.securityfocus.com/archive/1/512019/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1e0c14f49d6b393179f423abbac47f85618d3d46
https://usn.ubuntu.com/852-1/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/9575/