Linux Kernel 2.6.x contains a flaw that may allow a local denial of service or privilege escalation. The issue is triggered within the "pipe_rdwr_open()", "pipe_write_open()", and "pipe_read_open()" functions in "fs/pipe.c". This can be exploited to cause a NULL pointer deference by performing certain pipe operations.

Upgrade to version 2.6.32-rc6 or higher, as it has been reported that this has been fixed. Additionally, it is possible to temporarily work around the flaw by implementing the following workaround: http://bugzilla.kernel.org/attachment.cgi?id=23426

• Exploit Database: 10018 9844
• CVE ID: 2009-3547 (see also: NVD)
• Bugtraq ID: 36901
• Secunia Advisory ID: 37223 37230 37233 37243 37251 37252 37266 37282 37293 37295 37296 37302 37351 37371 37389 37404 37407 37521 37618 37784 38017 38584 38794 38834 40368 42996
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0106.html
  http://marc.info/?l=oss-security&m=125724568017045&w=2
  http://seclists.org/bugtraq/2012/Nov/119
  http://seclists.org/oss-sec/2009/q4/124
• Vendor Specific News/Changelog Entry: http://bugzilla.kernel.org/show_bug.cgi?id=14416
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3960243e55320d74195fb85c975e0a8cc4466c
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ad3960243e55320d74195fb85c975e0a8cc4466c
  http://lists.debian.org/debian-security-announce/2009/msg00251.html
  http://lists.debian.org/debian-security-announce/2009/msg00252.html
  http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
  http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00006.html
  http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
  http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00001.html
  http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
  http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
  http://lists.vmware.com/pipermail/security-announce/2010/000082.html
  http://lists.vmware.com/pipermail/security-announce/2010/000098.html
  http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6
  https://bugzilla.redhat.com/show_bug.cgi?id=530490
  https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-December/001005.html
  https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00178.html
  https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html
• Other Advisory URL: http://lkml.org/lkml/2009/10/14/184
  http://lkml.org/lkml/2009/10/21/42
  http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.7
• Packet Storm: http://packetstormsecurity.org/files/118507/Symantec-Messaging-Gateway-Backdoor-Privilege-Escalation.html
• Vendor Specific Advisory URL: http://rhn.redhat.com/errata/RHSA-2009-1541.html
  http://www.us.debian.org/security/2009/dsa-1927
  http://www.us.debian.org/security/2009/dsa-1929
  https://rhn.redhat.com/cve/CVE-2009-3547.html
  https://rhn.redhat.com/errata/RHSA-2009-1540.html
  https://rhn.redhat.com/errata/RHSA-2009-1548.html
  https://rhn.redhat.com/errata/RHSA-2009-1550.html
• News Article: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
• RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2009-1587.html
  https://rhn.redhat.com/errata/RHSA-2009-1588.html
  https://rhn.redhat.com/errata/RHSA-2009-1672.html
  RHSA-2009:1540 RHSA-2009:1541 RHSA-2009:1548 RHSA-2009:1550

Unknown or Incomplete