PT-2009-5257 · Linux · Linux Kernel
Mark Smith · Published 2009-09-15 · Updated 2023-02-13 · CVE-2009-2903
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions 2.4.x through 2.4.37.6
Linux kernel versions 2.6.x through 2.6.31
Description:
A memory leak issue exists in the appletalk subsystem of the Linux kernel. This occurs when the appletalk and ipddp modules are loaded, but the ipddp"N" device is not found. As a result, remote attackers can cause a denial of service by consuming memory via IP-DDP datagrams.
Recommendations:
For Linux kernel versions 2.4.x through 2.4.37.6, consider disabling the appletalk and ipddp modules until a patch is available.
For Linux kernel versions 2.6.x through 2.6.31, consider disabling the appletalk and ipddp modules until a patch is available.
As a temporary workaround, restrict access to the ipddp module to minimize the risk of exploitation.
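One way to carry out the recommendation above, as an added example that is not part of the original advisory: a shell audit that reports whether appletalk or ipddp is loaded and generates the configuration to keep them from loading. It assumes the modprobe.d syntax of module-init-tools/kmod (2.6-era and later systems); the sample module list is constructed and the output file name is hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for the modules named in this advisory.
# Assumption: modprobe.d syntax from module-init-tools/kmod (2.6-era and later).

AFFECTED_MODULES="appletalk ipddp"

# Read /proc/modules-format text on stdin; print affected modules that are loaded.
# The first field of each line is the module name, matched exactly.
loaded_affected() {
    awk -v list="$AFFECTED_MODULES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) { print $1 }'
}

# Emit modprobe.d directives: "blacklist" stops alias-based autoloading,
# "install ... /bin/false" makes an explicit modprobe of the module fail.
blacklist_conf() {
    for m in $AFFECTED_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

# Constructed sample of /proc/modules content (not taken from a real host).
sample_modules() {
    cat <<'EOF'
ipddp 8192 0 - Live 0xf8a10000
appletalk 32768 1 ipddp, Live 0xf8a00000
ext3 131072 2 - Live 0xf8900000
EOF
}

# Demonstration on the sample. On a real host:
#   loaded_affected < /proc/modules
#   blacklist_conf > /etc/modprobe.d/disable-appletalk.conf   # hypothetical file name
#   modprobe -r ipddp appletalk                               # unload if already loaded
echo "Loaded affected modules:"
sample_modules | loaded_affected
echo "Suggested modprobe.d content:"
blacklist_conf
```

The blacklist only affects future load attempts, so modules that are already loaded still have to be unloaded or the host rebooted.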
Fix
Missing Release of Resource after Effective Lifetime
Weakness Enumeration
Related identifiers
Affected products
Linux Kernel