Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-3002

EPSS 0.30% · P54
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-3002

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux Kernel .getname函数多个信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux Kernel的getname函数没有正确地初始化某些数据结构,本地用户可以通过对AF_APPLETALK、AF_IRDA、AF_ECONET、AF_NETROM、AF_ROSE、原始CAN等套接字执行getsockname调用读取部分内核内存的内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-3002

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-3002

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-08-28 · 25 CVEs total

CVE-2008-7119Webidsupport WeBid 'item.php'多个输入验证漏洞
CVE-2009-3008christophe_thibault k-meleon 漏洞
CVE-2009-3007Mozilla多个浏览器任意文件查看漏洞
CVE-2009-3006Maxthon浏览器 安全漏洞漏洞
CVE-2009-3005lunascape 漏洞
CVE-2009-3004avant_force avant_browser 漏洞
CVE-2009-3003microsoft internet_explorer 漏洞
CVE-2009-3001Linux Kernel 'net/llc/af_llc.c' 本地信息泄露漏洞
CVE-2009-3000Sun Solaris 'sockfs' Kernel Module 远程拒绝服务漏洞
CVE-2009-2695Linux Kernel mmap_min_addr低内存区空指针引用漏洞
CVE-2008-7121mrcgiguy hot_links_sql-php 跨站脚本攻击漏洞
CVE-2008-7120Mrcgiguy Hot Links SQL-PHP 'news.php' SQL注入漏洞
CVE-2008-7107ESET Smart Security 'easdrv.sys' 本地特权提升漏洞
CVE-2008-7118Webidsupport WeBid多个输入验证漏洞
CVE-2008-7117Webidsupport WeBid 'eledicss.php'多个输入验证漏洞
CVE-2008-7116Webidsupport WeBid多个输入验证漏洞
CVE-2008-7115Belkin F5D7632-4V6 Wireless G Router 多个身份认证绕过漏洞
CVE-2008-7114Ifusionservices iFdate 'members_search.php' SQL注入漏洞
CVE-2008-7113Kyocera Mita 扫描文件应用程序暴力破解漏洞
CVE-2008-7112Kyocera Mita扫描文件应用程序拒绝服务漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-3002

No comments yet

Leave a comment