Published: 22/10/2009 Updated: 13/02/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 495

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and previous versions allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
canonical ubuntu linux 9.04
canonical ubuntu linux 8.10
canonical ubuntu linux 9.10
canonical ubuntu linux 8.04
canonical ubuntu linux 6.06
fedoraproject fedora 10
opensuse opensuse 11.0
opensuse opensuse 11.2
suse suse linux enterprise server 10
suse suse linux enterprise desktop 10
vmware esx 4.0
vmware vma 4.0

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 4This update has been rated as having important security impact by the RedHat Secu ...

It was discovered that the AX25 network subsystem did not correctly check integer signedness in certain setsockopt calls A local attacker could exploit this to crash the system, leading to a denial of service Ubuntu 910 was not affected (CVE-2009-2909) ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture Lo ...

int main(void) { int ret; int csd; int lsd; struct sockaddr_un sun; /* make an abstruct name address (*) */ memset(&sun, 0, sizeof(sun)); sunsun_family = PF_UNIX; sprintf(&sunsun_path[1], "%d", getpid()); /* create the listening socket and shutdown */ lsd = socket(AF_UNIX, SOCK_STREAM, 0); bind(lsd, (struct sockaddr *)&su ...

CWE-400 https://bugzilla.redhat.com/show_bug.cgi?id=529626 http://lkml.org/lkml/2009/10/19/50 http://patchwork.kernel.org/patch/54678/http://www.openwall.com/lists/oss-security/2009/10/19/2 http://www.openwall.com/lists/oss-security/2009/10/19/4 http://secunia.com/advisories/37086 https://rhn.redhat.com/errata/RHSA-2009-1540.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://www.redhat.com/support/errata/RHSA-2009-1671.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 http://www.redhat.com/support/errata/RHSA-2009-1670.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://secunia.com/advisories/37909 http://secunia.com/advisories/38017 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://www.ubuntu.com/usn/usn-864-1 http://secunia.com/advisories/38834 http://secunia.com/advisories/38794 http://www.vupen.com/english/advisories/2010/0528 http://lists.vmware.com/pipermail/security-announce/2010/000082.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675 https://access.redhat.com/errata/RHSA-2009:1671 https://nvd.nist.gov https://usn.ubuntu.com/864-1/https://www.exploit-db.com/exploits/10022/

CVE-2009-3621

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect