PT-2009-6741 · Linux+2 · Linux Kernel+2

Igor Zhbanov

Published

1970-01-01

Updated

2020-09-02

CVE-2009-1072

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions module-init-tools versions prior to 2.6.28.9 Linux kernel versions prior to 2.6.28.9

Description The issue affects the module-init-tools package in SUSE Linux Enterprise and openSUSE, as well as the Linux kernel. It allows local users to create device nodes, potentially leading to a breach of protected information integrity. The exploitation of these vulnerabilities can be carried out locally.

Recommendations For module-init-tools versions prior to 2.6.28.9, update to version 2.6.28.9 or later to resolve the issue. For Linux kernel versions prior to 2.6.28.9, update to version 2.6.28.9 or later to resolve the issue. As a temporary workaround, consider restricting local user privileges to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-16

Related Identifiers

BDU:2015-04356

BDU:2015-04357

BDU:2015-04358

BDU:2015-05176

BDU:2015-05177

BDU:2015-05178

CVE-2009-1072

DSA-1800-1

RHSA-2009:1081

RHSA-2009:1106

RHSA-2009:1132

RHSA-2009_1106

RHSA-2009_1132

Affected Products

Linux Kernel

Red Hat

Module-Init-Tools

PT-2009-6741 · Linux+2 · Linux Kernel+2

CVE-2009-1072

Weakness Enumeration

Related Identifiers

Affected Products

References · 155