CVE-2009-3725 | Vulnerability Database | Aqua Security

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	*	*

References

http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
http://www.securityfocus.com/bid/36834
http://marc.info/?l=oss-security\u0026m=125715484511380\u0026w=2
http://marc.info/?l=oss-security\u0026m=125716192622235\u0026w=2
http://secunia.com/advisories/37113
http://patchwork.kernel.org/patch/51384/
http://patchwork.kernel.org/patch/51387/
http://patchwork.kernel.org/patch/51382/
http://marc.info/?l=linux-kernel\u0026m=125449888416314\u0026w=2
http://patchwork.kernel.org/patch/51383/
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
http://www.ubuntu.com/usn/usn-864-1
http://secunia.com/advisories/38905

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-3725
CWE	https://cwe.mitre.org/data/definitions/264.html