CVE-2009-1185

Published: Apr 17, 2009Modified: Apr 23, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Affected (22)

Products: Udev Project: Udev · Opensuse: Opensuse · Suse: Linux Enterprise Debuginfo, Linux Enterprise Desktop, Linux Enterprise Server · +4 more

Show all products

Udev Project: Udev · Opensuse: Opensuse · Suse: Linux Enterprise Debuginfo, Linux Enterprise Desktop, Linux Enterprise Server · Debian: Debian Linux · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Juniper: Ctpview

1 product

1 product

3 products

Linux Enterprise Debuginfo

Linux Enterprise Desktop

Linux Enterprise Server

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Udev Project Udev	Before 141

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 10.3
Opensuse Opensuse	Version 11.0
Opensuse Opensuse	Version 11.1
Suse Linux Enterprise Debuginfo	Version 10 sp2
Suse Linux Enterprise Debuginfo	Version 11
Suse Linux Enterprise Desktop	Version 10 sp2
Suse Linux Enterprise Desktop	Version 11
Suse Linux Enterprise Server	Version 10 sp2
Suse Linux Enterprise Server	Version 11

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 5.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 7.10
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 10
Fedoraproject Fedora	Version 9

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Juniper Ctpview	Before 7.1
Juniper Ctpview	Version 7.1
Juniper Ctpview	Version 7.1 r1
Juniper Ctpview	Version 7.2

Related CWEs

CWE-346

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (78)

http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75

Source: secalert@redhat.com

http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615

Source: secalert@redhat.com

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691

Source: secalert@redhat.com

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.vmware.com/pipermail/security-announce/2009/000060.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/34731

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34750

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34753

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34771

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34776

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34785

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34787

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/34801

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/35766

Source: secalert@redhat.com

Not Applicable

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0063

Source: secalert@redhat.com

Broken Link

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063

Source: secalert@redhat.com

Broken Link

http://www.debian.org/security/2009/dsa-1772

Source: secalert@redhat.com

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:103

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2009:104

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2009-0427.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/502752/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/504849/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/34536

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022067

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-758-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2009-0009.html

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1053

Source: secalert@redhat.com

Permissions Required

http://www.vupen.com/english/advisories/2009/1865

Source: secalert@redhat.com

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=495051

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://launchpad.net/bugs/cve/2009-1185

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10925

Source: secalert@redhat.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5975

Source: secalert@redhat.com

Third Party Advisory

https://www.exploit-db.com/exploits/8572

Source: secalert@redhat.com

ExploitThird Party AdvisoryVDB Entry

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75