CVE-2009-1185

Summary

CVE	CVE-2009-1185
State	PUBLISHED
Assigner	redhat
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-04-17 14:30:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Risk And Classification

Primary CVSS: v2.0 7.2 from [email protected]

AV:L/AC:L/Au:N/C:C/I:C/A:C

Problem Types: CWE-346 | n/a

CVSS v2.0 Breakdown

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	6.06	All	All	All
Operating System	Canonical	Ubuntu Linux	7.10	All	All	All
Operating System	Canonical	Ubuntu Linux	8.04	All	All	All
Operating System	Canonical	Ubuntu Linux	8.10	All	All	All
Operating System	Debian	Debian Linux	4.0	All	All	All
Operating System	Debian	Debian Linux	5.0	All	All	All
Operating System	Fedoraproject	Fedora	10	All	All	All
Operating System	Fedoraproject	Fedora	9	All	All	All
Application	Juniper	Ctpview	All	All	All	All
Application	Juniper	Ctpview	7.1	-	All	All
Application	Juniper	Ctpview	7.1	r1	All	All
Application	Juniper	Ctpview	7.2	-	All	All
Operating System	Opensuse	Opensuse	10.3	All	All	All
Operating System	Opensuse	Opensuse	11.0	All	All	All
Operating System	Opensuse	Opensuse	11.1	All	All	All
Application	Suse	Linux Enterprise Debuginfo	10	sp2	All	All
Application	Suse	Linux Enterprise Debuginfo	11	-	All	All
Operating System	Suse	Linux Enterprise Desktop	10	sp2	All	All
Operating System	Suse	Linux Enterprise Desktop	11	-	All	All
Operating System	Suse	Linux Enterprise Server	10	sp2	All	All
Operating System	Suse	Linux Enterprise Server	11	-	All	All
Application	Udev Project	Udev	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
[SECURITY] Fedora 10 Update: udev-127-5.fc10	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Mailing List, Third Party Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
Fedora update for udev - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Debian -- Security Information -- DSA-1772-1 udev	af854a3a-2127-422b-91ae-364da2661108	www.debian.org	Third Party Advisory
Ubuntu update for udev - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Linux Kernel 2.6 UDEV < 141 Local Privilege Escalation Exploit	af854a3a-2127-422b-91ae-364da2661108	www.exploit-db.com	Exploit, Third Party Advisory, VDB Entry
Debian update for udev - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Support / Security / Advisories / / MDVSA-2009:104 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com	Broken Link
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org	Broken Link
udev Netlink Message Validation Local Privilege Escalation Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Third Party Advisory
Advisories:rPSA-2009-0063 - rPath Wiki	af854a3a-2127-422b-91ae-364da2661108	wiki.rpath.com	Broken Link
[security-announce] SUSE Security Announcement: udev local privilege esc	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org	Mailing List, Third Party Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
[Security-announce] VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl	af854a3a-2127-422b-91ae-364da2661108	lists.vmware.com	Third Party Advisory
Support / Security / Advisories / / MDVSA-2009:103 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com	Broken Link
VMware ESX Server update for udev, sudo, and curl - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Permissions Required
udev Denial of Service and Privilege Escalation - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
hotplug/udev.git - udev development tree	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org
CVE-2009-1185	af854a3a-2127-422b-91ae-364da2661108	launchpad.net	Issue Tracking, Third Party Advisory
hotplug/udev.git - udev development tree	af854a3a-2127-422b-91ae-364da2661108	git.kernel.org
USN-758-1: udev vulnerabilities \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com	Third Party Advisory
Gentoo update for udev - Secunia Advisories - Vulnerability Information - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
[SECURITY] Fedora 9 Update: udev-124-4.fc9	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com	Mailing List, Third Party Advisory
Advisories:rPSA-2009-0063 - rPath Wiki	af854a3a-2127-422b-91ae-364da2661108	wiki.rpath.com	Broken Link
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com	Permissions Required
VMSA-2009-0009	af854a3a-2127-422b-91ae-364da2661108	www.vmware.com	Third Party Advisory
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org	Third Party Advisory
Gentoo Linux Documentation -- udev: Multiple vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org	Third Party Advisory
Slackware update for udev - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView	af854a3a-2127-422b-91ae-364da2661108	kb.juniper.net	Third Party Advisory
The Slackware Linux Project: Slackware Security Advisories	af854a3a-2127-422b-91ae-364da2661108	slackware.com	Mailing List, Third Party Advisory
Bug 495051 – CVE-2009-1185 udev: Uncheck origin of NETLINK messages	af854a3a-2127-422b-91ae-364da2661108	bugzilla.redhat.com	Issue Tracking, Patch, Third Party Advisory
SUSE update for udev - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
rPath update for udev - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Not Applicable
[security-announce] SUSE Security Announcement: udev local root exploit	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org	Mailing List, Third Party Advisory
2015-07 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView - Juniper Networks	af854a3a-2127-422b-91ae-364da2661108	kb.juniper.net	Third Party Advisory
udev NETLINK Message Validation Error Lets Local Users Gain Elevated Privileges - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com	Broken Link, Third Party Advisory, VDB Entry
hotplug/udev.git - udev development tree	MITRE	git.kernel.org
hotplug/udev.git - udev development tree	MITRE	git.kernel.org
Red Hat Customer Portal	MITRE	access.redhat.com
access.redhat.com \| CVE-2009-1185	MITRE	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2009-04-20	Tomas Hoger	This issue has been fixed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2009-0427.html . udev packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw, as they do not use netlink sockets for communication. udev is not shipped in Red Hat Enterprise Linux 2.1 and 3.

There are currently no legacy QID mappings associated with this CVE.