Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2009-3621

Disclosure Date: October 22, 2009
CVE-2009-3621 CVSS v3 Base Score: 5.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • fedoraproject,
  • linux,
  • opensuse,
  • suse,
  • vmware

Products

  • esx 4.0,
  • fedora 10,
  • linux kernel,
  • opensuse 11.0,
  • opensuse 11.2,
  • suse linux enterprise desktop 10,
  • suse linux enterprise server 10,
  • ubuntu linux 6.06,
  • ubuntu linux 8.04,
  • ubuntu linux 8.10,
  • ubuntu linux 9.04,
  • ubuntu linux 9.10,
  • vma 4.0

References

Canonical
CVE-2009-3621 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621)
Advisory
[oss-security] 20091019 CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket (http://www.openwall.com/lists/oss-security/2009/10/19/2)
https://bugzilla.redhat.com/show_bug.cgi?id=529626
[linux-kernel] 20091019 Re: [PATCH] AF_UNIX: Fix deadlock on connecting to shutdown socket (http://lkml.org/lkml/2009/10/19/50)
http://www.redhat.com/support/errata/RHSA-2009-1671.html
[oss-security] 20091019 Re: CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket (http://www.openwall.com/lists/oss-security/2009/10/19/4)
https://rhn.redhat.com/errata/RHSA-2009-1540.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
USN-864-1 (http://www.ubuntu.com/usn/usn-864-1)
SECUNIA-38794 (http://secunia.com/advisories/38794)
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates (http://lists.vmware.com/pipermail/security-announce/2010/000082.html)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://git.kernel.org?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=77238f2b942b38ab4e7f3aced44084493e4a8675
SECUNIA-37909 (http://secunia.com/advisories/37909)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921
http://patchwork.kernel.org/patch/54678
http://www.redhat.com/support/errata/RHSA-2009-1670.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
SECUNIA-38834 (http://secunia.com/advisories/38834)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
SECUNIA-37086 (http://secunia.com/advisories/37086)
SECUNIA-38017 (http://secunia.com/advisories/38017)
FEDORA-2009-11038 (https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html)
ADV-2010-0528 (http://www.vupen.com/english/advisories/2010/0528)
Miscellaneous
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675
http://patchwork.kernel.org/patch/54678/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis