National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-2844)

National Cyber-Alert System

Vulnerability Summary for CVE-2009-2844

Original release date:08/18/2009

Last revised:09/02/2009

Source: US-CERT/NIST

Overview

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) (legend)

Impact Subscore: 6.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

Vendor Statements (disclaimer)

Official Statement from Red Hat (08/19/2009)

Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Please note this issue only affected Linux kernel versions after v2.6.30-rc1 and was fixed in v2.6.31-rc6.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MLIST

Name: [oss-security] 20090817 Re: CVE request: kernel: cfg80211: missing NULL pointer checks

Type: Patch Information

Hyperlink:http://www.openwall.com/lists/oss-security/2009/08/17/2

External Source: MLIST

Name: [oss-security] 20090817 CVE request: kernel: cfg80211: missing NULL pointer checks

Type: Patch Information

Hyperlink:http://www.openwall.com/lists/oss-security/2009/08/17/1

External Source: MISC

Name: http://jon.oberheide.org/files/cfg80211-remote-dos.c

Type: Patch Information

Hyperlink:http://jon.oberheide.org/files/cfg80211-remote-dos.c

External Source: BID

Name: 36052

Hyperlink:http://www.securityfocus.com/bid/36052

External Source: CONFIRM

Name: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

Hyperlink:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

External Source: SECUNIA

Name: 36278

Hyperlink:http://secunia.com/advisories/36278

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e

Hyperlink:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e

Vulnerable software and versions

Configuration 1

* cpe:/o:linux:kernel:2.6.1

* cpe:/o:linux:kernel:2.6.10

* cpe:/o:linux:kernel:2.6.0

* cpe:/o:linux:kernel:2.6.11

* cpe:/o:linux:kernel:2.6.11.1

* cpe:/a:linux:kernel:2.6.25.15

* cpe:/a:linux:kernel:2.6.24.7

* cpe:/o:linux:kernel:2.6

* cpe:/o:linux:kernel:2.6.11.10

* cpe:/o:linux:kernel:2.6.11.11

* cpe:/o:linux:kernel:2.6.11.2

* cpe:/o:linux:kernel:2.6.11.3

* cpe:/o:linux:kernel:2.6.11.4

* cpe:/o:linux:kernel:2.6.11.5

* cpe:/o:linux:kernel:2.6.11.8

* cpe:/o:linux:kernel:2.6.11.7

* cpe:/o:linux:kernel:2.6.11.9

* cpe:/o:linux:kernel:2.6.11.12

* cpe:/o:linux:kernel:2.6.12

* cpe:/o:linux:kernel:2.6.12.3

* cpe:/o:linux:kernel:2.6.12.2

* cpe:/o:linux:kernel:2.6.12.5

* cpe:/o:linux:kernel:2.6.12.4

* cpe:/o:linux:kernel:2.6.13

* cpe:/o:linux:kernel:2.6.12.6

* cpe:/o:linux:kernel:2.6.13.2

* cpe:/o:linux:kernel:2.6.13.1

* cpe:/o:linux:kernel:2.6.13.3

* cpe:/o:linux:kernel:2.6.12.1

* cpe:/o:linux:kernel:2.6.14.7

* cpe:/o:linux:kernel:2.6.14.5

* cpe:/o:linux:kernel:2.6.14.6

* cpe:/o:linux:kernel:2.6.13.5

* cpe:/o:linux:kernel:2.6.14

* cpe:/o:linux:kernel:2.6.13.4

* cpe:/o:linux:kernel:2.6.14.3

* cpe:/o:linux:kernel:2.6.14.4

* cpe:/o:linux:kernel:2.6.14.1

* cpe:/o:linux:kernel:2.6.14.2

* cpe:/o:linux:kernel:2.6.15

* cpe:/o:linux:kernel:2.6.15.3

* cpe:/o:linux:kernel:2.6.15.4

* cpe:/o:linux:kernel:2.6.15.1

* cpe:/o:linux:kernel:2.6.15.2

* cpe:/o:linux:kernel:2.6.16

* cpe:/o:linux:kernel:2.6.15.7

* cpe:/o:linux:kernel:2.6.15.6

* cpe:/o:linux:kernel:2.6.15.5

* cpe:/o:linux:kernel:2.6.16.1

* cpe:/o:linux:kernel:2.6.16.18

* cpe:/o:linux:kernel:2.6.16.17

* cpe:/o:linux:kernel:2.6.16.19

* cpe:/o:linux:kernel:2.6.16.12

* cpe:/o:linux:kernel:2.6.16.14

* cpe:/o:linux:kernel:2.6.16.11

* cpe:/o:linux:kernel:2.6.16.13

* cpe:/o:linux:kernel:2.6.16.10

* cpe:/o:linux:kernel:2.6.16.16

* cpe:/o:linux:kernel:2.6.16.15

* cpe:/o:linux:kernel:2.6.16.20

* cpe:/o:linux:kernel:2.6.16.26

* cpe:/o:linux:kernel:2.6.16.25

* cpe:/o:linux:kernel:2.6.16.28

* cpe:/o:linux:kernel:2.6.16.27

* cpe:/o:linux:kernel:2.6.16.22

* cpe:/o:linux:kernel:2.6.16.21

* cpe:/o:linux:kernel:2.6.16.2

* cpe:/o:linux:kernel:2.6.16.24

* cpe:/o:linux:kernel:2.6.16.23

* cpe:/o:linux:kernel:2.6.16.29

* cpe:/o:linux:kernel:2.6.16.3

* cpe:/o:linux:kernel:2.6.16.30

* cpe:/o:linux:kernel:2.6.16.31

* cpe:/o:linux:kernel:2.6.16.31:-rc3

* cpe:/o:linux:kernel:2.6.16.31:-rc2

* cpe:/o:linux:kernel:2.6.16.31:-rc4

* cpe:/o:linux:kernel:2.6.16.31:-rc1

* cpe:/o:linux:kernel:2.6.11.6

* cpe:/o:linux:kernel:2.6.16.31:-rc5 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Resource Management Errors (CWE-399)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2844