CVE-2009-3725

high

Description

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

References

http://www.ubuntu.com/usn/usn-864-1

http://www.securityfocus.com/bid/36834

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5

http://secunia.com/advisories/38905

http://secunia.com/advisories/37113

http://patchwork.kernel.org/patch/51387/

http://patchwork.kernel.org/patch/51384/

http://patchwork.kernel.org/patch/51383/

http://patchwork.kernel.org/patch/51382/

http://marc.info/?l=oss-security&m=125716192622235&w=2

http://marc.info/?l=oss-security&m=125715484511380&w=2

http://marc.info/?l=linux-kernel&m=125449888416314&w=2

Details

Source: Mitre, NVD

Published: 2009-11-06

Updated: 2018-11-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High