Vulnerability Name:

CVE-2009-3937 (CCN-54252)

Assigned:2009-11-10
Published:2009-11-10
Updated:2009-11-16
Summary:Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary data."
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-3937

Source: CCN
Type: SECTRACK ID: 1023162
Solaris TCP Sockets Memory Leak Lets Local Users Deny Service

Source: CCN
Type: Sun Alert ID: 266488
Security Vulnerability in Solaris TCP sockets May Allow Unprivileged Users to Cause a Denial of Service (DoS) Condition

Source: SUNALERT
Type: UNKNOWN
266488

Source: MISC
Type: UNKNOWN
http://sunsolve.sun.com/search/document.do?assetkey=1-68-nv_osol0906u5-1

Source: CCN
Type: OSVDB ID: 60177
OpenSolaris TCP sockets tcp_sendmsg Ancillary Data Memory Consumption Local DoS

Source: BID
Type: UNKNOWN
36992

Source: CCN
Type: BID-36992
Sun Solaris TCP Sockets Local Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023162

Source: VUPEN
Type: Vendor Advisory
ADV-2009-3213

Source: XF
Type: UNKNOWN
opensolaris-tcp-dos(54252)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:opensolaris:snv_106:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_107:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_108:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_109:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_110:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_111:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_112:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_113:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_114:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_115:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_116:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_117:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_118:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_119:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_120:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_121:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_122:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_123:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_124:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_125:*:*:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:snv_126:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:sun:opensolaris:build_snv_106::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_106::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_107::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_107::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_108::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_109::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_110::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_108::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_109::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_110::x86:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_111::sparc:*:*:*:*:*
  • OR cpe:/o:sun:opensolaris:build_snv_111::x86:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    sun opensolaris snv_106
    sun opensolaris snv_107
    sun opensolaris snv_108
    sun opensolaris snv_109
    sun opensolaris snv_110
    sun opensolaris snv_111
    sun opensolaris snv_112
    sun opensolaris snv_113
    sun opensolaris snv_114
    sun opensolaris snv_115
    sun opensolaris snv_116
    sun opensolaris snv_117
    sun opensolaris snv_118
    sun opensolaris snv_119
    sun opensolaris snv_120
    sun opensolaris snv_121
    sun opensolaris snv_122
    sun opensolaris snv_123
    sun opensolaris snv_124
    sun opensolaris snv_125
    sun opensolaris snv_126
    sun opensolaris build_snv_106
    sun opensolaris build_snv_106
    sun opensolaris build_snv_107
    sun opensolaris build_snv_107
    sun opensolaris build_snv_108
    sun opensolaris build_snv_109
    sun opensolaris build_snv_110
    sun opensolaris build_snv_108
    sun opensolaris build_snv_109
    sun opensolaris build_snv_110
    sun opensolaris build_snv_111
    sun opensolaris build_snv_111