Vulnerability CVE-2009-2698 - CERT Civis.Net

Vulnerability Name:

CVE-2009-2698 (CCN-52941)

Assigned:

2009-08-24

Published:

2009-08-24

Updated:

2019-09-05

Summary:

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.2 High (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
6.1 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2009-2698

Source: CCN
Type: Linux Kernel GIT Repository
[UDP]: Fix MSG_PROBE crash

Source: CONFIRM
Type: Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e0c14f49d6b393179f423abbac47f85618d3d46

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SA:2009:046

Source: CCN
Type: RHSA-2009-1222
Important: kernel security and bug fix update

Source: REDHAT
Type: Vendor Advisory
RHSA-2009:1222

Source: CCN
Type: RHSA-2009-1223
Important: kernel security update

Source: REDHAT
Type: Vendor Advisory
RHSA-2009:1223

Source: CCN
Type: RHSA-2009-1233
Important: kernel security update

Source: CCN
Type: RHSA-2009-1457
Important: kernel security update

Source: CCN
Type: RHSA-2009-1469
Important: kernel security update

Source: CCN
Type: SA23073
Linux Kernel "get_fdb_entries()" Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
23073

Source: SECUNIA
Type: Vendor Advisory
36430

Source: SECUNIA
Type: Vendor Advisory
36510

Source: SECUNIA
Type: Vendor Advisory
37105

Source: CCN
Type: SA37298
Avaya Products Linux Kernel Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
37298

Source: SECUNIA
Type: Vendor Advisory
37471

Source: CCN
Type: SECTRACK ID: 1022761
Linux Kernel Null Pointer Dereference in udp_sendmsg() Lets Local Users Gain Elevated Privileges

Source: CCN
Type: ASA-2009-464
kernel security update (RHSA-2009-1469)

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/css/P8/documents/100067254

Source: DEBIAN
Type: DSA-1872
linux-2.6 -- denial of service/privilege escalation/information leak

Source: CONFIRM
Type: Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19

Source: MANDRIVA
Type: Third Party Advisory
MDVSA-2011:051

Source: MLIST
Type: Mailing List
[oss-security] 20090825 CVE-2009-2698 kernel: udp socket NULL ptr dereference

Source: REDHAT
Type: Third Party Advisory
RHSA-2009:1233

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel

Source: BID
Type: Exploit, Patch, Third Party Advisory, VDB Entry
36108

Source: CCN
Type: BID-36108
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1022761

Source: CCN
Type: TLSA-2009-28
Security and drivers update

Source: CCN
Type: USN-852-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-852-1

Source: CONFIRM
Type: Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: VUPEN
Type: Permissions Required
ADV-2009-3316

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=518034

Source: XF
Type: UNKNOWN
kernel-udp-privilege-escalation(52941)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11514

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:8557

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:9142

Source: SUSE
Type: SUSE-SA:2009:046
Linux kernel security problem

Vulnerable Configuration:

Configuration 1:

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 2.6.19)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.14:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.13:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.17.14:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.32:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.33:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.34:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.35:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.36:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.37:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.38:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.39:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.40:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.41:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.43:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.44:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.45:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.46:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.47:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.48:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.49:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.50:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.51:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.52:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.53:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.18.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.42:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.57:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.56:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.55:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.54:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.61:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.62:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.60:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.59:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.16.58:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.10:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.13:-:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20092698	V	CVE-2009-2698	2017-09-27
oval:org.mitre.oval:def:28627	P	RHSA-2009:1222 -- kernel security and bug fix update (Important)	2015-08-17
oval:org.mitre.oval:def:13527	P	USN-852-1 -- linux, linux-source-2.6.15 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:8168	P	DSA-1872 linux-2.6 -- denial of service/privilege escalation/information leak	2014-06-23
oval:org.mitre.oval:def:13505	P	DSA-1872-1 linux-2.6 -- denial of service/privilege escalation/information leak	2014-06-23
oval:org.mitre.oval:def:22460	P	ELSA-2009:1222: kernel security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:8557	V	VMware kernel udp_sendmsg function vulnerability	2014-01-20
oval:org.mitre.oval:def:9142	V	The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.	2013-04-29
oval:org.mitre.oval:def:11514	V	Service Console update for COS kernel	2010-08-23
oval:com.redhat.rhsa:def:20091233	P	RHSA-2009:1233: kernel security update (Important)	2009-08-27
oval:com.redhat.rhsa:def:20091222	P	RHSA-2009:1222: kernel security and bug fix update (Important)	2009-08-24
oval:com.redhat.rhsa:def:20091223	P	RHSA-2009:1223: kernel security update (Important)	2009-08-24
oval:org.debian:def:1872	V	denial of service/privilege escalation/information leak	2009-08-24