Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-3080

Disclosure Date: November 20, 2009
CVE-2009-3080
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • linux,
  • opensuse,
  • redhat,
  • suse,
  • vmware

Products

  • debian linux 4.0,
  • enterprise linux desktop 5.0,
  • enterprise linux eus 5.4,
  • enterprise linux server 5.0,
  • enterprise linux server workstation 5.0,
  • esx 3.5,
  • fedora 10,
  • linux enterprise desktop 10,
  • linux enterprise server 10,
  • linux kernel,
  • linux kernel 2.6.32,
  • opensuse 11.1,
  • opensuse 11.2,
  • ubuntu linux 6.06,
  • ubuntu linux 8.04,
  • ubuntu linux 8.10,
  • ubuntu linux 9.04,
  • ubuntu linux 9.10,
  • virtualization 5.0

References

Canonical
CVE-2009-3080 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080)
BID-37068 (http://www.securityfocus.com/bid/37068)
Advisory
SECUNIA-38276 (http://secunia.com/advisories/38276)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:030
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
USN-864-1 (http://www.ubuntu.com/usn/usn-864-1)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
SECUNIA-37435 (http://secunia.com/advisories/37435)
http://support.avaya.com/css/P8/documents/100073666
SECUNIA-37720 (http://secunia.com/advisories/37720)
SECUNIA-37909 (http://secunia.com/advisories/37909)
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
https://rhn.redhat.com/errata/RHSA-2010-0046.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862
http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=690e744869f3262855b83b4fb59199cf142765b0
DSA-2005 (http://www.debian.org/security/2010/dsa-2005)
FEDORA-2009-13098 (https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989
http://www.redhat.com/support/errata/RHSA-2010-0041.html
SECUNIA-38017 (http://secunia.com/advisories/38017)
Miscellaneous
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0
https://access.redhat.com/errata/RHSA-2010:0041
https://access.redhat.com/errata/RHSA-2010:0046
https://access.redhat.com/errata/RHSA-2010:0076
https://access.redhat.com/errata/RHSA-2010:0882
https://access.redhat.com/security/cve/CVE-2009-3080
https://bugzilla.redhat.com/show_bug.cgi?id=539414

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis