CVE-2009-2903

Description

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

CVSS Metrics

• v2.0•HIGH•Score: 7.1AV:N/AC:M/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 3.77%• Percentile: 88%

Techniques & Countermeasures

• CWE-772•Missing Release of Resource after Effective Lifetime

  The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Affected Systems

• canonical•ubuntu_linux

  6.06 | 8.04 | 8.10 | 9.04

• linux•linux_kernel

  ≥ 2.4.0, ≤ 2.4.37.6 | ≥ 2.6.0, ≤ 2.6.31

• suse•linux_enterprise_debuginfo

  10:sp2 | 10:sp3

• suse•linux_enterprise_desktop

  10:sp2 | 10:sp3

• suse•linux_enterprise_server

  9 | 10:sp2 | 10:sp3

• suse•linux_enterprise_software_development_kit

  10:sp2 | 10:sp3

References (15)

• http://www.openwall.com/lists/oss-security/2009/09/17/11
• http://www.securityfocus.com/bid/36379
• http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
• http://www.ubuntu.com/usn/USN-852-1
• http://secunia.com/advisories/36707
• https://bugzilla.redhat.com/show_bug.cgi?id=522331
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
• http://www.openwall.com/lists/oss-security/2009/09/14/1
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
• http://secunia.com/advisories/37909
• http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
• http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
• http://secunia.com/advisories/37105
• http://www.openwall.com/lists/oss-security/2009/09/14/2