CVE-2009-3621

MEDIUM

Linux Kernel < 2.6.31.4 - Denial of Service

Title source: rule

Description

net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tomoki Sekiyama · cdoslinux

https://www.exploit-db.com/exploits/10022

View Code ZIP pw:eip

References (26)

[Patch] http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=77238f2b942b38ab4e7f3aced44084493e4a8675

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

[Mailing List, Third Party Advisory] http://lists.vmware.com/pipermail/security-announce/2010/000082.html

[Mailing List, Third Party Advisory] http://lkml.org/lkml/2009/10/19/50

[Exploit, Mailing List, Third Party Advisory] http://patchwork.kernel.org/patch/54678/

[Broken Link] http://secunia.com/advisories/37086

[Broken Link] http://secunia.com/advisories/37909

[Broken Link] http://secunia.com/advisories/38017

[Broken Link] http://secunia.com/advisories/38794

[Broken Link] http://secunia.com/advisories/38834

[Broken Link] http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

[Exploit, Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2009/10/19/2

[Exploit, Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2009/10/19/4

[Broken Link] http://www.redhat.com/support/errata/RHSA-2009-1670.html

[Broken Link] http://www.redhat.com/support/errata/RHSA-2009-1671.html

[Third Party Advisory] http://www.ubuntu.com/usn/usn-864-1

... and 6 more

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 21.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (13)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 8.04

canonical/ubuntu_linux 8.10

canonical/ubuntu_linux 9.04

canonical/ubuntu_linux 9.10

fedoraproject/fedora 10

linux/linux_kernel < 2.6.31.4

opensuse/opensuse 11.0

opensuse/opensuse 11.2

suse/suse_linux_enterprise_desktop 10 sp2 (2 CPE variants)

... and 3 more

Published Oct 22, 2009

Tracked Since Feb 18, 2026