CVE-2009-0029

{"id": "CVE-2009-0029", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-01-15T17:30:00.467", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=linux-kernel&m=123155111608910&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/33477", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/33674", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34394", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34981", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/35011", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2009/dsa-1749", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2009/dsa-1787", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2009/dsa-1794", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/33275", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479969", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call."}, {"lang": "es", "value": "ABI en el kernel de Linux v2.6.28 y anteriores sobre las plataformas s390, powerpc, sparc64, y mips 64-bit requiere que un argumento de 32-bit en un registro de 64-bit sea firmado adecuadamente cuando se env\u00eda una aplicaci\u00f3n en modo de usuario, pero esto no lo puede realizar, lo que permitir\u00eda a usuarios locales producir una denegaci\u00f3n de servicio (ca\u00edda) o ganar privilegios a trav\u00e9s de una llamada al sistema manipulada."}], "lastModified": "2023-02-13T02:19:37.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B5B312F-E76A-43E1-A73F-31535848D55B", "versionEndIncluding": "2.6.28"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This flaw affects most 64-bit architectures, including IBM S/390 and 64-bit PowerPC, but it does not affect x86_64 or Intel Itanium. The risks associated with fixing this flaw are greater than the security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5. Red Hat Enterprise MRG is not affected as it is not supported on 64-bit architectures other than x86_64.", "lastModified": "2009-06-09T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}