CVE-2009-2698

Home/CVE/The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel befo

CVE

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel befo

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

HIGH · CVSS 7.8 EPSS 0.26117

Act now

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 4% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules8 YARA rules0

⬡

Weakness Classification

CWE-476NULL Pointer Dereference

▤

Affected Products & Versions

linux kernel< 2.6.19
canonical ubuntu linuxall versions
suse linux enterprise desktopall versions
suse linux enterprise serverall versions
fedoraproject fedoraall versions
redhat enterprise linux desktopall versions
redhat enterprise linux eusall versions
redhat enterprise linux serverall versions
Show all 12 affected productsredhat enterprise linux server ausall versions
redhat enterprise linux workstationall versions
vmware vcenter serverall versions
vmware esxiall versions

⚠

Public Exploits & PoCs

localLinux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Privilege Escalation (3)verified
localLinux Kernel < 2.6.19 (x86/x64) - 'udp_sendmsg' Local Privilege Escalation (2)verified
localLinux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)verified
pocwww.securityfocus.com · 36108www.securityfocus.com

◈

Sigma Hunt Rules

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

producthighESXi Admin Permission Assigned To Account Via ESXCLI

productmediumESXi Storage Information Discovery Via ESXCLI

productmediumESXi Network Configuration Discovery Via ESXCLI

productmediumESXi VSAN Information Discovery Via ESXCLI

productmediumESXi System Information Discovery Via ESXCLI

productmediumESXi VM Kill Via ESXCLI

Show all 8 top matches

productmediumESXi Syslog Configuration Change Via ESXCLI

productmediumESXi VM List Discovery Via ESXCLI

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.1 · cve@mitre.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD27 Aug 2009 · 05:30 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

⚑

Vendor Advisories

usnUSN-852-1
rhsaRHSA-2009:1469Important
rhsaRHSA-2009:1457Important
rhsaRHSA-2009:1223Important
rhsaRHSA-2009:1233Important
Show all 6 vendor advisoriesrhsaRHSA-2009:1222Important

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.gitBroken Link

http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.htmlMailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2009-1222.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2009-1223.htmlThird Party Advisory

http://secunia.com/advisories/23073Broken LinkVendor Advisory

http://secunia.com/advisories/36430Broken LinkVendor Advisory

Show all 25 references

http://secunia.com/advisories/36510Broken LinkVendor Advisory

http://secunia.com/advisories/37105Broken LinkVendor Advisory

http://secunia.com/advisories/37298Broken LinkVendor Advisory

http://secunia.com/advisories/37471Broken LinkVendor Advisory

http://support.avaya.com/css/P8/documents/100067254Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19Broken LinkVendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051Broken LinkThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/08/25/1Mailing List

http://www.redhat.com/support/errata/RHSA-2009-1233.htmlBroken LinkThird Party Advisory

http://www.securityfocus.com/archive/1/507985/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/512019/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022761Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-852-1Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlThird Party Advisory

http://www.vupen.com/english/advisories/2009/3316Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=518034Issue TrackingThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142Broken LinkThird Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin