Vulnerabilities > CVE-2009-4410 - Local Denial of Service vulnerability in Linux Kernel 'fuse_ioctl_copy_user()'

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

linux

nessus

NVD

Published: 2009-12-24

Updated: 2012-03-19

Summary

The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 2.6.29 Linux Linux Kernel 2.6.29.1 Linux Linux Kernel 2.6.29.2 Linux Linux Kernel 2.6.29.3 Linux Linux Kernel 2.6.29.4 Linux Linux Kernel 2.6.29.5 Linux Linux Kernel 2.6.29.6 Linux Linux Kernel 2.6.29.Rc1 Linux Linux Kernel 2.6.29.Rc2 Linux Linux Kernel 2.6.29.Rc2-Git1 Linux Linux Kernel 2.6.30 Linux Linux Kernel 2.6.30.1 Linux Linux Kernel 2.6.30.2 Linux Linux Kernel 2.6.30.3 Linux Linux Kernel 2.6.30.4 Linux Linux Kernel 2.6.30.5 Linux Linux Kernel 2.6.30.6 Linux Linux Kernel 2.6.30.7 Linux Linux Kernel 2.6.30.8 Linux Linux Kernel 2.6.30.9 Linux Linux Kernel 2.6.30.Y	33

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-13694.NASL
description	Fix a local DoS when using fuse. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	43594
published	2009-12-27
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43594
title	Fedora 11 : kernel-2.6.30.10-105.fc11 (2009-13694)

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 37453 CVE(CAN) ID: CVE-2009-4410 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的fuse内核代码的ioctl处理器中存在拒绝服务漏洞，本地用户在某些环境下调用fuse_ioctl_copy_user()可能会导致系统忙碌。 Linux kernel 2.6.x 厂商补丁： Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0bd87182d3ab18a32a8e9175d3f68754c58e3432
id	SSV:15145
last seen	2017-11-19
modified	2009-12-25
published	2009-12-25
reporter	Root
title	Linux Kernel fuse_ioctl_copy_user()函数本地拒绝服务漏洞

Statements

contributor	Tomas Hoger
lastmodified	2009-12-31
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit 59efec7b that introduced the problem.

Summary

Vulnerable Configurations

Nessus

Seebug

Statements

References