CVE-2009-2793

The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/506531/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:netbsd:netbsd::::::::
	cpe:2.3:o:netbsd:netbsd:0.8:::::::*
	cpe:2.3:o:netbsd:netbsd:0.9:::::::*
	cpe:2.3:o:netbsd:netbsd:1.0:::::::*
	cpe:2.3:o:netbsd:netbsd:1.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.2:::::::*
	cpe:2.3:o:netbsd:netbsd:1.2.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.3:::::::*
	cpe:2.3:o:netbsd:netbsd:1.3.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.3.2:::::::*
	cpe:2.3:o:netbsd:netbsd:1.3.3:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.2:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.3:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6.2:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.2:::::::*
	cpe:2.3:o:netbsd:netbsd:2.0.3:::::::*
	cpe:2.3:o:netbsd:netbsd:2.1:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:3.0.2:::::::*
	cpe:2.3:o:netbsd:netbsd:3.1:::::::*
	cpe:2.3:o:netbsd:netbsd:4.0:::::::*
	cpe:2.3:o:netbsd:netbsd:4.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:5.0:::::::*

History

No history.

Information

Published : 2009-09-18 22:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-2793

Mitre link : CVE-2009-2793

CVE.ORG link : CVE-2009-2793

JSON object : View

Products Affected

netbsd

netbsd

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-2793", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-09-18T22:30:00.530", "references": [{"url": "http://www.securityfocus.com/archive/1/506531/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits."}, {"lang": "es", "value": "El kernel en NetBSD, posiblemente 5.0.1 y anteriores, en plataformas x86 no gestiona adecuadamente el fallo de preasignaci\u00f3n de la instrucci\u00f3n \"iret\", lo que permitir\u00eda a usuarios locales conseguir privilegios a trav\u00e9s de vectores relacionados con la variable de pseudoc\u00f3digo tempEIP que esta fuera de los limites de segmento de c\u00f3digo."}], "lastModified": "2018-10-10T19:42:12.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABB5BE84-628A-4845-92C7-E20ADEE7E904", "versionEndIncluding": "5.0.1"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "555181C9-75B1-427B-BF36-47C7D969DCC5"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC89BD6-8376-4C8D-A120-1430D8CA113F"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF613C9-DC4A-45F0-BEE1-8450762B0089"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "441CEF2E-9687-4930-8536-B8B83018BD28"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55DD3C82-0B7D-4B25-B603-AD6C6D59239A"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC7A39CD-C4B2-4FD9-A450-E5C7A5480174"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CBA1B13-B378-4F13-BD13-EC58F15F5C81"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C8CAB1-2D8C-4875-A795-41178D48410F"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D3C937A-E9D8-474A-ABEB-A927EF7CC5B0"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A8F8DE7-7A84-4350-A6D8-FCCB561D63B2"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28A10F5A-067E-4DD8-B585-ABCD6F6B324E"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "249FA642-3732-4654-88CB-3F1D19A5860A"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5071CA39-65B3-4AFB-8898-21819E57A084"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C3F588-98DA-4F6F-A083-2B9EE534C561"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C2ED81B-8DA2-46D0-AE24-C61BF8E78AE9"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D18C95A3-15E3-41B8-AC28-ACEA57021E24"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CFC6B75-9057-4E58-A4D4-8AEC12AE62E4"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28BD9F91-2384-4557-9648-25FC00D04677"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9CABFAA-594C-45D7-A0C7-795872A0C68A"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F9432E9-AACA-4242-BDAB-8792ACF72C12"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29C02C6B-AAFD-4594-94A4-F26BA3648CB0"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57C533D7-771E-4E33-A4FE-764C0B73F920"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9875E709-11BA-4B8F-A2FC-26844DD4D563"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AF042F-5047-4FA2-B20C-65B2C6EBEA5C"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00564BAA-066A-4627-B6A8-78724E55D363"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}