CVE-2009-3621

moderate-risk

Published 2009-10-22

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

10022

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (15)

Linux Kernel

Ubuntu Linux

Fedora

Opensuse

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Ubuntu Linux

Vma

Esx

Affected Vendors

Canonical Opensuse Fedoraproject Suse Linux Vmware

References (52)

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

Mailing List http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Mailing List http://lkml.org/lkml/2009/10/19/50

Exploit http://patchwork.kernel.org/patch/54678/

Broken Link http://secunia.com/advisories/37086

Broken Link http://secunia.com/advisories/37909

Broken Link http://secunia.com/advisories/38017

Broken Link http://secunia.com/advisories/38794

Broken Link http://secunia.com/advisories/38834

Broken Link http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

Exploit http://www.openwall.com/lists/oss-security/2009/10/19/2

Exploit http://www.openwall.com/lists/oss-security/2009/10/19/4

Broken Link http://www.redhat.com/support/errata/RHSA-2009-1670.html

Broken Link http://www.redhat.com/support/errata/RHSA-2009-1671.html

Third Party Advisory http://www.ubuntu.com/usn/usn-864-1

and 32 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 7/34 · Low

Exposure 18/34 · Moderate