Vulnerabilities > CVE-2009-4410 - Unspecified vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN linux
nessus
Summary
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors.
Vulnerable Configurations
Nessus
| NASL family | Fedora Local Security Checks |
| NASL id | FEDORA_2009-13694.NASL |
| description | Fix a local DoS when using fuse. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 43594 |
| published | 2009-12-27 |
| reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/43594 |
| title | Fedora 11 : kernel-2.6.30.10-105.fc11 (2009-13694) |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 37453 CVE(CAN) ID: CVE-2009-4410 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的fuse内核代码的ioctl处理器中存在拒绝服务漏洞,本地用户在某些环境下调用fuse_ioctl_copy_user()可能会导致系统忙碌。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0bd87182d3ab18a32a8e9175d3f68754c58e3432 |
| id | SSV:15145 |
| last seen | 2017-11-19 |
| modified | 2009-12-25 |
| published | 2009-12-25 |
| reporter | Root |
| title | Linux Kernel fuse_ioctl_copy_user()函数本地拒绝服务漏洞 |
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-12-31 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit 59efec7b that introduced the problem. |
References
- http://osvdb.org/61335
- http://osvdb.org/61335
- http://secunia.com/advisories/37928
- http://secunia.com/advisories/37928
- http://www.openwall.com/lists/oss-security/2009/12/23/1
- http://www.openwall.com/lists/oss-security/2009/12/23/1
- http://www.securityfocus.com/bid/37453
- http://www.securityfocus.com/bid/37453
- https://bugzilla.redhat.com/show_bug.cgi?id=549400
- https://bugzilla.redhat.com/show_bug.cgi?id=549400
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01344.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01344.html