CVE-2009-3725
First published: Fri Nov 06 2009(Updated: )
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <2.6.31.5 | |
| Ubuntu Linux | =6.06 | |
| Ubuntu Linux | =8.04 | |
| Ubuntu Linux | =8.10 | |
| Ubuntu Linux | =9.04 | |
| Ubuntu Linux | =9.10 | |
| Ubuntu | =6.06 | |
| Ubuntu | =9.04 | |
| Ubuntu | =8.04 | |
| Ubuntu | =8.10 | |
| Ubuntu | =9.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
- http://www.securityfocus.com/bid/36834
- http://marc.info/?l=oss-security&m=125715484511380&w=2
- http://marc.info/?l=oss-security&m=125716192622235&w=2
- http://secunia.com/advisories/37113
- http://patchwork.kernel.org/patch/51384/
- http://patchwork.kernel.org/patch/51387/
- http://patchwork.kernel.org/patch/51382/
- http://marc.info/?l=linux-kernel&m=125449888416314&w=2
- http://patchwork.kernel.org/patch/51383/
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
- http://www.ubuntu.com/usn/usn-864-1
- http://secunia.com/advisories/38905
Frequently Asked Questions
What is the severity of CVE-2009-3725?
CVE-2009-3725 is rated as a high severity vulnerability due to its potential for local privilege escalation.
How do I fix CVE-2009-3725?
To fix CVE-2009-3725, update the Linux kernel to version 2.6.31.5 or later.
Which Linux kernel versions are affected by CVE-2009-3725?
CVE-2009-3725 affects Linux kernel versions prior to 2.6.31.5.
Who is impacted by CVE-2009-3725?
Local users of affected Linux systems can exploit CVE-2009-3725 to gain elevated privileges.
What systems specifically are vulnerable to CVE-2009-3725?
Distributions like Ubuntu Linux versions 6.06, 8.04, 8.10, 9.04, and 9.10 are vulnerable to CVE-2009-3725.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/linux
- canonical/linux kernel
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/8.04
- version/ubuntu linux/8.10
- version/ubuntu linux/9.04
- version/ubuntu linux/9.10
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/9.04
- version/ubuntu/8.04
- version/ubuntu/8.10
- version/ubuntu/9.10