CVE-2009-3080
Current Description
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Basic Data
Published | November 20, 2009 |
---|---|
Last Modified | September 09, 2020 |
Assigner | cve@mitre.org |
Data Type | CVE |
Data Format | MITRE |
Data Version | 4.0 |
Problem Type | CWE-129 |
CVE Data Version | 4.0 |
Base Metric V2
CVSS 2 - Version | 2.0 |
---|---|
CVSS 2 - Vector String | AV:L/AC:L/Au:N/C:C/I:C/A:C |
CVSS 2 - Access Vector | LOCAL |
CVSS 2 - Access Complexity | LOW |
CVSS 2 - Authentication | NONE |
CVSS 2 - Confidentiality Impact | COMPLETE |
CVSS 2 - Availability Impact | COMPLETE |
CVSS 2 - Base Score | 7.2 |
Severity | HIGH |
Exploitability Score | 3.9 |
Impact Score | 10.0 |
Obtain All Privilege | false |
Obtain User Privilege | false |
Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
OR - Configuration 1
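Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2.3 | OS | Linux | Linux Kernel | 2.6.32 | rc5 | * | * | * | * | * | * | | | | |
2.3 | OS | Linux | Linux Kernel | 2.6.32 | rc4 | * | * | * | * | * | * | | | | |
2.3 | OS | Linux | Linux Kernel | 2.6.32 | rc3 | * | * | * | * | * | * | | | | |
2.3 | OS | Linux | Linux Kernel | 2.6.32 | rc1 | * | * | * | * | * | * | | | | |
2.3 | OS | Linux | Linux Kernel | 2.6.32 | - | * | * | * | * | * | * | | | | |
2.3 | OS | Linux | Linux Kernel | * | * | * | * | * | * | * | * | | 2.6.31.6 | | |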
OR - Configuration 2
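Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2.3 | OS | Suse | Linux Enterprise Server | 10 | sp3 | * | * | - | * | * | * | | | | |
2.3 | OS | Suse | Linux Enterprise Server | 10 | sp2 | * | * | - | * | * | * | | | | |
2.3 | OS | Suse | Linux Enterprise Desktop | 10 | sp3 | * | * | * | * | * | * | | | | |
2.3 | OS | Suse | Linux Enterprise Desktop | 10 | sp2 | * | * | * | * | * | * | | | | |
2.3 | OS | Opensuse | Opensuse | 11.2 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Opensuse | Opensuse | 11.1 | * | * | * | * | * | * | * | | | | |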
OR - Configuration 3
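Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2.3 | OS | Debian | Debian Linux | 4.0 | * | * | * | * | * | * | * | | | | |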
OR - Configuration 4
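Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2.3 | OS | Canonical | Ubuntu Linux | 9.10 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Canonical | Ubuntu Linux | 9.04 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Canonical | Ubuntu Linux | 8.10 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Canonical | Ubuntu Linux | 8.04 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Canonical | Ubuntu Linux | 6.06 | * | * | * | * | * | * | * | | | | |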
OR - Configuration 5
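Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2.3 | OS | Vmware | Esx | 3.5 | * | * | * | * | * | * | * | | | | |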
OR - Configuration 6
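Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2.3 | OS | Redhat | Enterprise Linux Server Workstation | 5.0 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Redhat | Enterprise Linux Server | 5.0 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Redhat | Enterprise Linux Eus | 5.4 | * | * | * | * | * | * | * | | | | |
2.3 | OS | Redhat | Enterprise Linux Desktop | 5.0 | * | * | * | * | * | * | * | | | | |
2.3 | Application | Redhat | Virtualization | 5.0 | * | * | * | * | * | * | * | | | | |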
OR - Configuration 7
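Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2.3 | OS | Redhat | Fedora | 10 | * | * | * | * | * | * | * | | | | |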
Vulnerable Software List
Vendor | Product | Versions |
---|---|---|
Debian | Debian Linux | 4.0 |
Redhat | Enterprise Linux Eus | 5.4 |
Redhat | Enterprise Linux Server Workstation | 5.0 |
Redhat | Enterprise Linux Desktop | 5.0 |
Redhat | Fedora | 10 |
Redhat | Virtualization | 5.0 |
Redhat | Enterprise Linux Server | 5.0 |
Canonical | Ubuntu Linux | 6.06, 8.04, 8.10, 9.04, 9.10 |
Opensuse | Opensuse | 11.1, 11.2 |
Vmware | Esx | 3.5 |
Linux | Linux Kernel | *, 2.6.32 |
Suse | Linux Enterprise Desktop | 10 |
Suse | Linux Enterprise Server | 10 |
References
Name | Source | URL | Tags |
---|---|---|---|
oval:org.mitre.oval:def:10989 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10989 | Mailing List Mailing List Mailing List Mailing List Mailing List Mailing List Broken Link Broken Link Broken Link Broken Link Broken Link Third Party Advisory Third Party Advisory Broken Link Broken Link Broken Link Broken Link Broken Link Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory Mailing List |
http://www.vmware.com/security/advisories/VMSA-2011-0009.html | CONFIRM | http://www.vmware.com/security/advisories/VMSA-2011-0009.html | PATCH Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory Third Party Advisory VDB Entry Third Party Advisory |
37068 | BID | http://www.securityfocus.com/bid/37068 | Vendor Advisory |
USN-864-1 | UBUNTU | http://www.ubuntu.com/usn/usn-864-1 | |
RHSA-2010:0882 | REDHAT | http://www.redhat.com/support/errata/RHSA-2010-0882.html | |
RHSA-2010:0041 | REDHAT | http://www.redhat.com/support/errata/RHSA-2010-0041.html | |
MDVSA-2011:051 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 | |
MDVSA-2010:030 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2010:030 | |
DSA-2005 | DEBIAN | http://www.debian.org/security/2010/dsa-2005 | |
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8 | CONFIRM | http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8 | |
38276 | SECUNIA | http://secunia.com/advisories/38276 | |
http://support.avaya.com/css/P8/documents/100073666 | CONFIRM | http://support.avaya.com/css/P8/documents/100073666 | |
38017 | SECUNIA | http://secunia.com/advisories/38017 | |
37909 | SECUNIA | http://secunia.com/advisories/37909 | |
37720 | SECUNIA | http://secunia.com/advisories/37720 | |
37435 | SECUNIA | http://secunia.com/advisories/37435 | |
SUSE-SA:2010:013 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html | |
SUSE-SA:2010:005 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html | |
SUSE-SA:2010:001 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html | |
SUSE-SA:2009:064 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html | |
SUSE-SA:2009:061 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html | |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=690e744869f3262855b83b4fb59199cf142765b0 | CONFIRM | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=690e744869f3262855b83b4fb59199cf142765b0 | |
oval:org.mitre.oval:def:12862 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:12862 | |
oval:org.mitre.oval:def:7101 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7101 | |
RHSA-2010:0046 | REDHAT | https://rhn.redhat.com/errata/RHSA-2010-0046.html | |
RHSA-2010:0095 | REDHAT | https://rhn.redhat.com/errata/RHSA-2010-0095.html | |
FEDORA-2009-13098 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html | |