製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux kernel における proto_ops 構造体の初期化処理に関する権限昇格の脆弱性

Title	Linux kernel における proto_ops 構造体の初期化処理に関する権限昇格の脆弱性
Summary	Linux kernel には、proto_ops 構造体の初期化処理に不備が存在するため、mmap の page zero をマッピングし、任意のコードを書き込むことで権限を取得可能な脆弱性が存在します。
Possible impacts	ローカルユーザに権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 14, 2009, midnight
Registration Date	Oct. 2, 2009, 11:44 a.m.
Last Update	Feb. 17, 2010, 11:45 a.m.

CVSS2.0 : 危険
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.7 (as)

Red Hat Enterprise Linux 4.7 (es)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.2.z (server)

Red Hat Enterprise Linux EUS 5.3.z (server)

ターボリナックス

Turbolinux Appliance Server 2.0

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux FUJI

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

Linux

Linux Kernel 2.4.4 から 2.4.37.4

Linux Kernel 2.6.0 から 2.6.30.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-2692	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
National Vulnerability Database (NVD)
2	CVE-2009-2692	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2692

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	kernel-2.6.18-128.9AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=747
2	kernel-2.6.18-53.26AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=457
Linux Kernel
3	ChangeLog-2.4.37.5	http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
4	ChangeLog-2.6.30.5	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
MIRACLE LINUX アップデート情報
5	1778	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1778
6	1835	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1835
7	1992	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1992
Red Hat Security Advisory
8	RHSA-2009:1222	https://rhn.redhat.com/errata/RHSA-2009-1222.html
9	RHSA-2009:1223	https://rhn.redhat.com/errata/RHSA-2009-1223.html
10	RHSA-2009:1233	https://rhn.redhat.com/errata/RHSA-2009-1233.html
11	RHSA-2009:1457	https://rhn.redhat.com/errata/RHSA-2009-1457.html
12	RHSA-2009:1469	https://rhn.redhat.com/errata/RHSA-2009-1469.html
Turbolinux Security Advisory (英語)
13	TLSA-2009-28	http://www.turbolinux.com/security/2009/TLSA-2009-28.txt
レッドハットセキュリティーアップデート
14	RHSA-2009:1222	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1222J.html
15	RHSA-2009:1223	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1223J.html
16	RHSA-2009:1233	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1233J.html
製品セキュリティ情報
17	TLSA-2009-28	http://www.turbolinux.co.jp/security/2009/TLSA-2009-28j.txt

その他

No	Name	URL
Secunia Advisory
1	SA36278	http://secunia.com/advisories/36278
2	SA36289	http://secunia.com/advisories/36289
3	SA36430	http://secunia.com/advisories/36430
SecurityFocus
4	36038	http://www.securityfocus.com/bid/36038
VUPEN Security
5	VUPEN/ADV-2009-2272	http://www.vupen.com/english/advisories/2009/2272

Change Log

No	Changed Details	Date of change
0	[2009年10月02日] 掲載 [2009年10月23日] 影響を受けるシステム：ターボリナックス (TLSA-2009-28) の情報を追加ベンダ情報：ターボリナックス (TLSA-2009-28) を追加 [2010年01月21日] 影響を受けるシステム：ミラクル・リナックス (1835) の情報を追加ベンダ情報：ミラクル・リナックス (1835) を追加 [2010年02月17日] ベンダ情報：ミラクル・リナックス (1992) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-2692

Summary	The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Publication Date	Aug. 15, 2009, 12:16 a.m.
Registration Date	Jan. 29, 2021, 1:21 p.m.
Last Update	Feb. 9, 2024, 8:50 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	2.4.4			2.4.37.5
cpe:2.3:o:linux:linux_kernel::::::::	2.6.0			2.6.30.5

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_real_time:10:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:5.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:4.8:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6	CONFIRM	Broken Link Vendor Advisory
2	http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html	FULLDISC	Broken Link Exploit
3	http://www.securityfocus.com/bid/36038	BID	Broken Link Exploit Third Party Advisory VDB Entry
4	http://grsecurity.net/~spender/wunderbar_emporium.tgz	MISC	Broken Link
5	http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html	MISC	Exploit Issue Tracking
6	http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5	CONFIRM	Broken Link Vendor Advisory
7	http://secunia.com/advisories/36327	SECUNIA	Broken Link Vendor Advisory
8	http://www.vupen.com/english/advisories/2009/2272	VUPEN	Broken Link Patch Vendor Advisory
9	http://www.debian.org/security/2009/dsa-1865	DEBIAN	Mailing List Third Party Advisory
10	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5	CONFIRM	Broken Link Vendor Advisory
11	http://secunia.com/advisories/36289	SECUNIA	Broken Link Vendor Advisory
12	https://issues.rpath.com/browse/RPL-3103	CONFIRM	Broken Link
13	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121	CONFIRM	Broken Link
14	http://zenthought.org/content/file/android-root-2009-08-16-source	MISC	Broken Link
15	http://secunia.com/advisories/36430	SECUNIA	Broken Link Vendor Advisory
16	http://rhn.redhat.com/errata/RHSA-2009-1223.html	REDHAT	Third Party Advisory
17	http://rhn.redhat.com/errata/RHSA-2009-1222.html	REDHAT	Third Party Advisory
18	https://bugzilla.redhat.com/show_bug.cgi?id=516949	CONFIRM	Issue Tracking Patch
19	http://secunia.com/advisories/36278	SECUNIA	Broken Link Vendor Advisory
20	http://www.openwall.com/lists/oss-security/2009/08/14/1	MLIST	Mailing List Patch
21	http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html	SUSE	Mailing List
22	http://www.redhat.com/support/errata/RHSA-2009-1233.html	REDHAT	Broken Link
23	http://support.avaya.com/css/P8/documents/100067254	CONFIRM	Third Party Advisory
24	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	CONFIRM	Third Party Advisory
25	http://www.vupen.com/english/advisories/2009/3316	VUPEN	Broken Link Vendor Advisory
26	http://secunia.com/advisories/37471	SECUNIA	Broken Link Vendor Advisory
27	http://secunia.com/advisories/37298	SECUNIA	Broken Link Vendor Advisory
28	http://www.exploit-db.com/exploits/19933	EXPLOIT-DB	Exploit Third Party Advisory VDB Entry
29	http://www.mandriva.com/security/advisories?name=MDVSA-2009:233	MANDRIVA	Broken Link
30	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657	OVAL	Broken Link
31	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591	OVAL	Broken Link
32	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526	OVAL	Broken Link
33	http://www.exploit-db.com/exploits/9477	EXPLOIT-DB	Third Party Advisory VDB Entry
34	http://www.securityfocus.com/archive/1/512019/100/0/threaded	BUGTRAQ	Broken Link Third Party Advisory VDB Entry
35	http://www.securityfocus.com/archive/1/507985/100/0/threaded	BUGTRAQ	Broken Link Third Party Advisory VDB Entry
36	http://www.securityfocus.com/archive/1/505912/100/0/threaded	BUGTRAQ	Broken Link Third Party Advisory VDB Entry
37	http://www.securityfocus.com/archive/1/505751/100/0/threaded	BUGTRAQ	Broken Link Third Party Advisory VDB Entry
38	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98		Broken Link
39	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3		Broken Link

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-908	初期化されていないリソースの使用	https://cwe.mitre.org/data/definitions/908.html

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:5.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:4.8:::::::*