Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

SuSE Security Advisory SUSE-SA:2009:020 (udev)

Information

Severity

Severity

High

Family

Family

SuSE Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.2

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

15 years ago

Modified

Modified

6 years ago

Share

Summary

The remote host is missing updates announced in advisory SUSE-SA:2009:020.

Insight

Insight

Sebastian Krahmer of SUSE Security identified a problem in udevd with handling of netlink messages. Local attackers could inject netlink messages due to a missing origin check where only the kernel should have been able to and so are able to escalate privileges. (CVE-2009-1185) Fixed packages have been released to address this issue for openSUSE 10.3-11.1, SUSE Linux Enterprise 10 SP2 and SUSE Linux Enterprise 11. SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 are not affected by this problem.

Solution

Solution

Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:020

Common Vulnerabilities and Exposures (CVE)