PublicDateAtUSN: 2009-11-06
Candidate: CVE-2009-3725
PublicDate: 2009-11-06 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3725
 https://ubuntu.com/security/notices/USN-864-1
Description:
 The connector layer in the Linux kernel before 2.6.31.5 does not require
 the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb,
 (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to
 bypass intended access restrictions and gain privileges via calls to
 functions in these subsystems.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: needs-triage
dapper_linux-source-2.6.15: not-affected
hardy_linux-source-2.6.15: DNE
intrepid_linux-source-2.6.15: DNE
jaunty_linux-source-2.6.15: DNE
karmic_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
upstream_linux: released (2.6.32)
dapper_linux: DNE
hardy_linux: released (2.6.24-26.64)
intrepid_linux: released (2.6.27-16.44)
jaunty_linux: released (2.6.28-17.58)
karmic_linux: released (2.6.31-16.52)
devel_linux: not-affected (2.6.32-3.4)