Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2009-0675

Disclosure Date: February 22, 2009 •

Description

The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an “inverted logic” issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

linux

Products

References

Canonical

CVE-2009-0675 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675)

Advisory

SECUNIA-33938 (http://secunia.com/advisories/33938)

SECUNIA-34502 (http://secunia.com/advisories/34502)

http://www.redhat.com/support/errata/RHSA-2009-0326.html

SECUNIA-37471 (http://secunia.com/advisories/37471)

http://www.redhat.com/support/errata/RHSA-2009-0360.html

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

DSA-1749 (http://www.debian.org/security/2009/dsa-1749)

DSA-1794 (http://www.debian.org/security/2009/dsa-1794)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11529

SECUNIA-33758 (http://secunia.com/advisories/33758)

USN-751-1 (http://www.ubuntu.com/usn/usn-751-1)

SECUNIA-35011 (http://secunia.com/advisories/35011)

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (http://www.securityfocus.com/archive/1/507985/100/0/threaded)

[oss-security] 20090220 CVE request: kernel: skfp_ioctl inverted logic flaw (http://openwall.com/lists/oss-security/2009/02/20/2)

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

SECUNIA-34981 (http://secunia.com/advisories/34981)

SECUNIA-34394 (http://secunia.com/advisories/34394)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8685

DSA-1787 (http://www.debian.org/security/2009/dsa-1787)

http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c25b9abbc2c2c0da88e180c3933d6e773245815a

http://www.mandriva.com/security/advisories?name=MDVSA-2009:071

[netdev] 20090128 [PATCH] drivers/net/skfp: if !capable(CAP_NET_ADMIN): inverted logic (http://lists.openwall.net/netdev/2009/01/28/90)

SECUNIA-34680 (http://secunia.com/advisories/34680)

ADV-2009-3316 (http://www.vupen.com/english/advisories/2009/3316)

https://bugzilla.redhat.com/show_bug.cgi?id=486534

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.6

SECUNIA-35394 (http://secunia.com/advisories/35394)

Rapid7

Technical Analysis