CVE-2009-3080 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Vendor	Product	Version
linux	linux_kernel	𝑥 ≤ 2.6.31.6
linux	linux_kernel	2.6.32
linux	linux_kernel	2.6.32:rc1
linux	linux_kernel	2.6.32:rc3
linux	linux_kernel	2.6.32:rc4
linux	linux_kernel	2.6.32:rc5
opensuse	opensuse	11.1
opensuse	opensuse	11.2
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10
vmware	esx	3.5
redhat	virtualization	5.0
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_eus	5.4
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server_workstation	5.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

linux

karmic	Fixed 2.6.31-16.52 released
jaunty	Fixed 2.6.28-17.58 released
intrepid	Fixed 2.6.27-16.44 released
hardy	Fixed 2.6.24-26.64 released
dapper	dne

linux-source-2.6.15

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
dapper	Fixed 2.6.15-55.81 released

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

http://secunia.com/advisories/37435

http://secunia.com/advisories/37720

http://secunia.com/advisories/37909

http://secunia.com/advisories/38017

http://secunia.com/advisories/38276

http://support.avaya.com/css/P8/documents/100073666

http://www.debian.org/security/2010/dsa-2005

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8

http://www.mandriva.com/security/advisories?name=MDVSA-2010:030

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0882.html

http://www.securityfocus.com/bid/37068

http://www.ubuntu.com/usn/usn-864-1

http://www.vmware.com/security/advisories/VMSA-2011-0009.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101

https://rhn.redhat.com/errata/RHSA-2010-0046.html

https://rhn.redhat.com/errata/RHSA-2010-0095.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

http://secunia.com/advisories/37435

http://secunia.com/advisories/37720

http://secunia.com/advisories/37909

http://secunia.com/advisories/38017

http://secunia.com/advisories/38276

http://support.avaya.com/css/P8/documents/100073666

http://www.debian.org/security/2010/dsa-2005

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8

http://www.mandriva.com/security/advisories?name=MDVSA-2010:030

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

http://www.redhat.com/support/errata/RHSA-2010-0041.html

http://www.redhat.com/support/errata/RHSA-2010-0882.html

http://www.securityfocus.com/bid/37068

http://www.ubuntu.com/usn/usn-864-1

http://www.vmware.com/security/advisories/VMSA-2011-0009.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101

https://rhn.redhat.com/errata/RHSA-2010-0046.html

https://rhn.redhat.com/errata/RHSA-2010-0095.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html