CVE-2009-3621

Published: Oct 22, 2009Modified: Apr 23, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

Affected (15)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Fedoraproject: Fedora · +3 more

Show all products

Linux: Linux Kernel · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Opensuse: Opensuse · Suse: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server · Vmware: Esx, Vma

1 product

1 product

1 product

1 product

2 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Vmware

2 products

Esx

Vma

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 2.6.31.4

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 10

Configuration D

6 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.0
Opensuse Opensuse	Version 11.2
Suse Suse Linux Enterprise Desktop	Version 10 sp2
Suse Suse Linux Enterprise Desktop	Version 10 sp3
Suse Suse Linux Enterprise Server	Version 10 sp2
Suse Suse Linux Enterprise Server	Version 10 sp3

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Vmware Esx	Version 4.0
Vmware Vma	Version 4.0

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (52)

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lkml.org/lkml/2009/10/19/50

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://patchwork.kernel.org/patch/54678/

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://secunia.com/advisories/37086

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/37909

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/38017

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/38794

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/38834

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2009/10/19/2

Source: secalert@redhat.com

ExploitMailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/10/19/4

Source: secalert@redhat.com

ExploitMailing ListPatchThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1670.html

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2009-1671.html

Source: secalert@redhat.com

Broken Link

http://www.ubuntu.com/usn/usn-864-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/0528

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=529626

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6895

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9921

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2009-1540.html

Source: secalert@redhat.com

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675