CVE-2009-2695: CVE-2009-2695

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-2695

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux Kernel mmap_min_addr低内存区空指针引用漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Red Hat Enterprise Linux 5.3的selinux-policy软件包提供了SELinux布尔值allow_unconfined_mmap_low，用于控制是否对在不受限制域(如unconfined_t或initrc_t)中所运行的进程应用mmap_min_addr限制。但allow_unconfined_mmap_low布

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-2695

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-2695

Please Login to view more intelligence information

http://twitter.com/spendergrsec/statuses/3303390960x_refsource_MISC
http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git%3Ba=commit%3Bh=7c73875e7dda627040b12c19b01db634fa7f0fd1x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=788084aba2ab7348257597496befcbccabdc98a3x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9c0d90103c7e0eb6e638e5b649e9f6d8d9c1b4b3x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git%3Ba=commit%3Bh=84336d1a77ccd2c06a730ddd38e695c2324a7386x_refsource_CONFIRM
http://danwalsh.livejournal.com/30084.htmlx_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1d9959734a1949ea4f2427bd2d8b21ede6b2441cx_refsource_CONFIRM
http://kbase.redhat.com/faq/docs/DOC-18042x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=517830x_refsource_CONFIRM
http://patchwork.kernel.org/patch/36540/x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8cf948e744e0218af604c32edecde10006dc8e9ex_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc7x_refsource_CONFIRM
http://patchwork.kernel.org/patch/36539/x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ab5a91a8364c3d6fc617abc47cc81d162c01d90ax_refsource_CONFIRM
http://patchwork.kernel.org/patch/36649/x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git%3Ba=commit%3Bh=47d439e9fb8a81a90022cfa785bf1c36c4e2aff6x_refsource_CONFIRM
http://patchwork.kernel.org/patch/36650/x_refsource_CONFIRM
http://thread.gmane.org/gmane.linux.kernel.lsm/9075x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/jmorris/security-testing-2.6.git%3Ba=commit%3Bh=a2551df7ec568d87793d2eea4ca744e86318f205x_refsource_CONFIRM
http://eparis.livejournal.com/606.htmlx_refsource_CONFIRM
http://secunia.com/advisories/38794third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/36501third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/36051vdb-entryx_refsource_BID
http://secunia.com/advisories/37105third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/38834third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2010/dsa-2005vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-852-1vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2010/0528vdb-entryx_refsource_VUPEN
https://rhn.redhat.com/errata/RHSA-2009-1548.htmlvendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2009-1672.htmlvendor-advisoryx_refsource_REDHAT
https://rhn.redhat.com/errata/RHSA-2009-1540.htmlvendor-advisoryx_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.htmlvendor-advisoryx_refsource_FEDORA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9882vdb-entrysignaturex_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7144vdb-entrysignaturex_refsource_OVAL
http://www.openwall.com/lists/oss-security/2009/08/17/4mailing-listx_refsource_MLIST
http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2009-2695

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-2695

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2009-2695

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-2695

III. Intelligence Information for CVE-2009-2695

IV. Related Vulnerabilities

V. Comments for CVE-2009-2695

Leave a comment