PT-2008-6894 · Linux+1 · Linux+1

Clement Lecigne

Published

1970-01-01

Updated

2018-10-10

CVE-2009-0676

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions linux-image-2.6.26-1-alpha-smp versions 2.6.26-1 linux-image-2.6.26-1-vserver-powerpc64 versions 2.6.26-1 linux-image-2.6.26-1-vserver-itanium versions 2.6.26-1 linux-headers-2.6.26-1-powerpc versions 2.6.26-1 linux-image-2.6.26-1-r4k-ip22 versions 2.6.26-1 kernel-s390-debug versions 2.6.26-1 kexec-tools versions 2.6.26-1 linux-image-2.6.26-1-vserver-amd64 versions 2.6.26-1 linux-headers-2.6.26-1-itanium versions 2.6.26-1 linux-headers-2.6.26-1-all-i386 versions 2.6.26-1 linux-image-2.6.26-1-mckinley versions 2.6.26-1 linux-image-2.6.26-1-vserver-686-bigmem versions 2.6.26-1 um-host-install-initrd versions 2.6.26-1 kernel-iseries64-debuginfo versions 2.6.26-1 linux-headers-2.6.26-1-vserver-amd64 versions 2.6.26-1 linux-headers-2.6.26-1-all-mipsel versions 2.6.26-1 linux-headers-2.6.26-1-vserver-s390x versions 2.6.26-1 module-init-tools-debugsource versions 2.6.26-1 linux-image-2.6.26-1-powerpc-smp versions 2.6.26-1 linux-headers-2.6.26-1-all-amd64 versions 2.6.26-1 linux-headers-2.6.26-1-parisc versions 2.6.26-1 acerhk-kmp-debug versions 2.6.26-1 kernel-sn2 versions 2.6.26-1 linux-headers-2.6.26-1-common-openvz versions 2.6.26-1 kernel-xen-base versions 2.6.26-1 linux-headers-2.6.26-1-all-alpha versions 2.6.26-1 linux-headers-2.6.26-1-r4k-ip22 versions 2.6.26-1 linux-headers-2.6.26-1-mckinley versions 2.6.26-1 linux-headers-2.6.26-1-openvz-686 versions 2.6.26-1 linux-headers-2.6.26-1-vserver-686 versions 2.6.26-1 gspcav-kmp-debug versions 2.6.26-1 nouveau-kmp-debug versions 2.6.26-1 kernel-bigsmp-debuginfo versions 2.6.26-1 module-init-tools-debuginfo versions 2.6.26-1 linux-image-2.6.26-1-4kc-malta versions 2.6.26-1 linux-image-2.6.26-1-486 versions 2.6.26-1 linux-image-2.6.26-1-parisc-smp versions 2.6.26-1 linux-headers-2.6.26-1-all versions 2.6.26-1 linux-headers-2.6.26-1-s390x versions 2.6.26-1 linux-headers-2.6.26-1-sparc64-smp versions 2.6.26-1 kernel-pseries64 versions 2.6.26-1 linux-image-2.6.26-1-vserver-powerpc versions 2.6.26-1 module-init-tools versions 2.6.26-1 kernel-pmac64 versions 2.6.26-1 linux-headers-2.6.26-1-parisc64-smp versions 2.6.26-1 kernel-s390x-debug versions 2.6.26-1 linux-image-2.6.26-1-sb1-bcm91250a versions 2.6.26-1 linux-headers-2.6.26-1-vserver-mckinley versions 2.6.26-1 linux-headers-2.6.26-1-all-ia64 versions 2.6.26-1 kernel-ec2-base versions 2.6.26-1 linux-image-2.6.26-1-vserver-sparc64 versions 2.6.26-1 ext4dev-kmp-default versions 2.6.26-1 linux-headers-2.6.26-1-all-hppa versions 2.6.26-1 linux-image-2.6.26-1-parisc64-smp versions 2.6.26-1 um-host-kernel versions 2.6.26-1 linux-headers-2.6.26-1-all-arm versions 2.6.26-1 linux-image-2.6.26-1-s390-tape versions 2.6.26-1 ocfs2-kmp-xen versions 2.6.26-1 linux-headers-2.6.26-1-4kc-malta versions 2.6.26-1 linux-headers-2.6.26-1-parisc-smp versions 2.6.26-1 kernel-um versions 2.6.26-1 kernel-default-extra versions 2.6.26-1 kernel-s390 versions 2.6.26-1 linux-headers-2.6.26-1-openvz-amd64 versions 2.6.26-1 linux-image-2.6.26-1-alpha-legacy versions 2.6.26-1 linux-image-2.6.26-1-openvz-686 versions 2.6.26-1 linux-headers-2.6.26-1-vserver-powerpc versions 2.6.26-1 linux-headers-2.6.26-1-s390 versions 2.6.26-1 linux-image-2.6.26-1-xen-686 versions 2.6.26-1 linux-headers-2.6.26-1-common versions 2.6.26-1 kernel-ppc64-debugsource versions 2.6.26-1 linux-image-2.6.26-1-686-bigmem versions 2.6.26-1 kernel-xenpae-debuginfo versions 2.6.26-1 linux-headers-2.6.26-1-sb1a-bcm91480b versions 2.6.26-1 linux-image-2.6.26-1-s390x versions 2.6.26-1 linux-image-2.6.26-1-parisc versions 2.6.26-1

Description The issue is related to multiple vulnerabilities in various Linux kernel packages. These vulnerabilities can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information. The sock getsockopt function in the Linux kernel does not initialize a certain structure member, allowing local users to obtain potentially sensitive information from kernel memory via an SO BSDCOMPAT getsockopt request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-20CWE-264

Related Identifiers

BDU:2015-01809

BDU:2015-01810

BDU:2015-01811

BDU:2015-01812

BDU:2015-01813

BDU:2015-01814

BDU:2015-01815

BDU:2015-01816

BDU:2015-01817

BDU:2015-01818

BDU:2015-01819

BDU:2015-01820

BDU:2015-01821

BDU:2015-01822

BDU:2015-01823

BDU:2015-01824

BDU:2015-01825

BDU:2015-01826

BDU:2015-01827

BDU:2015-01828

BDU:2015-01829

BDU:2015-01830

BDU:2015-01831

BDU:2015-01832

BDU:2015-01833

BDU:2015-01834

BDU:2015-01835

BDU:2015-01836

BDU:2015-01837

BDU:2015-01838

BDU:2015-01839

BDU:2015-01840

BDU:2015-01841

BDU:2015-01842

BDU:2015-01843

BDU:2015-01844

BDU:2015-01845

BDU:2015-01846

BDU:2015-01847

BDU:2015-01848

BDU:2015-01849

BDU:2015-01850

BDU:2015-01851

BDU:2015-01852

BDU:2015-01853

BDU:2015-01854

BDU:2015-01855

BDU:2015-01856

BDU:2015-01857

BDU:2015-01858

BDU:2015-01859

BDU:2015-01860

BDU:2015-01861

BDU:2015-01862

BDU:2015-01863

BDU:2015-01864

BDU:2015-01865

BDU:2015-01866

BDU:2015-01867

BDU:2015-01868

BDU:2015-01869

BDU:2015-01870

BDU:2015-01871

BDU:2015-01872

BDU:2015-01873

BDU:2015-01874

BDU:2015-01875

BDU:2015-01876

BDU:2015-01877

BDU:2015-01878

BDU:2015-01879

BDU:2015-01880

BDU:2015-01881

BDU:2015-01882

BDU:2015-01883

BDU:2015-01884

BDU:2015-01885

BDU:2015-01886

BDU:2015-01887

BDU:2015-01888

BDU:2015-01889

BDU:2015-01890

BDU:2015-01891

BDU:2015-01892

BDU:2015-01893

BDU:2015-01894

BDU:2015-01895

BDU:2015-01896

BDU:2015-01897

BDU:2015-01898

BDU:2015-01899

BDU:2015-01900

BDU:2015-01901

BDU:2015-01902

BDU:2015-01903

BDU:2015-01904

BDU:2015-01905

BDU:2015-01906

BDU:2015-01907

BDU:2015-01908

BDU:2015-01909

BDU:2015-01910

BDU:2015-01911

BDU:2015-01912

BDU:2015-01913

BDU:2015-01914

BDU:2015-01915

BDU:2015-01916

BDU:2015-01917

BDU:2015-01918

BDU:2015-01919

BDU:2015-04245

BDU:2015-04246

BDU:2015-04247

BDU:2015-04248

BDU:2015-04249

BDU:2015-04250

BDU:2015-04251

BDU:2015-04252

BDU:2015-04253

BDU:2015-04254

BDU:2015-04255

BDU:2015-04256

BDU:2015-04257

BDU:2015-04258

BDU:2015-04259

BDU:2015-04260

BDU:2015-04261

BDU:2015-04262

BDU:2015-04263

BDU:2015-04264

BDU:2015-04265

BDU:2015-04266

BDU:2015-04356

BDU:2015-04357

BDU:2015-04358

BDU:2015-05141

BDU:2015-05142

BDU:2015-05143

BDU:2015-05144

BDU:2015-05145

BDU:2015-05146

BDU:2015-05147

BDU:2015-05148

BDU:2015-05149

BDU:2015-05150

BDU:2015-05151

BDU:2015-05152

BDU:2015-05153

BDU:2015-05154

BDU:2015-05155

BDU:2015-05156

BDU:2015-05157

BDU:2015-05158

BDU:2015-05159

BDU:2015-05160

BDU:2015-05161

BDU:2015-05162

BDU:2015-05163

BDU:2015-05164

BDU:2015-05165

BDU:2015-05166

BDU:2015-05167

BDU:2015-05168

BDU:2015-05169

BDU:2015-05170

BDU:2015-05171

BDU:2015-05172

BDU:2015-05173

BDU:2015-05176

BDU:2015-05177

BDU:2015-05178

CVE-2009-0676

DSA-1749-1

DSA-1787-1

DSA-1794-1

RHSA-2009:0326

RHSA-2009:0360

RHSA-2009:0459

RHSA-2009_0326

RHSA-2009_0459

Affected Products

Linux

Red Hat

PT-2008-6894 · Linux+1 · Linux+1

CVE-2009-0676

Weakness Enumeration

Related Identifiers

Affected Products

References · 371