#VU91218 Buffer overflow in Linux kernel


Published: 2024-06-05

Vulnerability identifier: #VU91218

Vulnerability risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2009-0065

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to memory corruption within the sctp_sf_eat_fwd_tsn() and sctp_sf_eat_fwd_tsn_fast() functions in net/sctp/sm_statefuns.c. A remote non-authenticated attacker can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://patchwork.ozlabs.org/patch/15024/
http://rhn.redhat.com/errata/RHSA-2009-0264.html
http://secunia.com/advisories/33674
http://secunia.com/advisories/33854
http://secunia.com/advisories/33858
http://secunia.com/advisories/34252
http://secunia.com/advisories/34394
http://secunia.com/advisories/34680
http://secunia.com/advisories/34762
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35174
http://secunia.com/advisories/35390
http://secunia.com/advisories/35394
http://secunia.com/advisories/36191
http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm
http://www.debian.org/security/2009/dsa-1749
http://www.debian.org/security/2009/dsa-1787
http://www.debian.org/security/2009/dsa-1794
http://www.openwall.com/lists/oss-security/2009/01/05/1
http://www.redhat.com/support/errata/RHSA-2009-0053.html
http://www.redhat.com/support/errata/RHSA-2009-0331.html
http://www.redhat.com/support/errata/RHSA-2009-1055.html
http://www.securityfocus.com/bid/33113
http://www.securitytracker.com/id?1022698
http://www.ubuntu.com/usn/usn-751-1
http://www.vupen.com/english/advisories/2009/0029
http://www.vupen.com/english/advisories/2009/2193
http://bugzilla.redhat.com/show_bug.cgi?id=478800
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10872
http://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Buffer overflow in Linux kernel sctp