Lucene search

MitreCVE-2009-1250

HistoryApr 09, 2009 - 12:30 a.m.

CVE-2009-1250

2009-04-0900:30:00

CWE-189

mitre

web.nvd.nist.gov

openafs

ibm afs

denial of service

system crash

cve-2009-1250

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

AI Score

6.2

Confidence

Low

EPSS

0.043

Percentile

92.3%

JSON

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.

Affected configurations

Nvd

Node

ibmafsRange≤3.6patch18

ibmafsMatch3.6

ibmafsMatch3.6patch12

ibmafsMatch3.6patch13

ibmafsMatch3.6patch14

ibmafsMatch3.6patch15

ibmafsMatch3.6patch16

openafsopenafsMatch1.0

openafsopenafsMatch1.0.1

openafsopenafsMatch1.0.2

openafsopenafsMatch1.0.3

openafsopenafsMatch1.0.4

openafsopenafsMatch1.0.4a

openafsopenafsMatch1.1

openafsopenafsMatch1.1.0

openafsopenafsMatch1.1.1

openafsopenafsMatch1.1.1a

openafsopenafsMatch1.2

openafsopenafsMatch1.2.1

openafsopenafsMatch1.2.2

openafsopenafsMatch1.2.2a

openafsopenafsMatch1.2.2b

openafsopenafsMatch1.2.3

openafsopenafsMatch1.2.4

openafsopenafsMatch1.2.5

openafsopenafsMatch1.2.6

openafsopenafsMatch1.2.7

openafsopenafsMatch1.2.8

openafsopenafsMatch1.2.9

openafsopenafsMatch1.2.10

openafsopenafsMatch1.2.11

openafsopenafsMatch1.2.13

openafsopenafsMatch1.3

openafsopenafsMatch1.3.1

openafsopenafsMatch1.3.2

openafsopenafsMatch1.3.5

openafsopenafsMatch1.3.70

openafsopenafsMatch1.3.74

openafsopenafsMatch1.3.77

openafsopenafsMatch1.3.81

openafsopenafsMatch1.4

openafsopenafsMatch1.4.0

openafsopenafsMatch1.4.3

openafsopenafsMatch1.4.4

openafsopenafsMatch1.4.5

openafsopenafsMatch1.4.6

openafsopenafsMatch1.4.7

openafsopenafsMatch1.4.7_pre1

openafsopenafsMatch1.4.7_pre2

openafsopenafsMatch1.4.7_pre3

openafsopenafsMatch1.4.7_pre4

openafsopenafsMatch1.4.7_pre5

openafsopenafsMatch1.4.8

openafsopenafsMatch1.4.8_pre1

openafsopenafsMatch1.4.8_pre2

openafsopenafsMatch1.4.8_pre3

openafsopenafsMatch1.5

openafsopenafsMatch1.5.16

openafsopenafsMatch1.5.17

openafsopenafsMatch1.5.26

openafsopenafsMatch1.5.27

openafsopenafsMatch1.5.30

openafsopenafsMatch1.5.31

openafsopenafsMatch1.5.32

openafsopenafsMatch1.5.33

openafsopenafsMatch1.5.34

openafsopenafsMatch1.5.35

openafsopenafsMatch1.5.36

openafsopenafsMatch1.5.38

openafsopenafsMatch1.5.39

openafsopenafsMatch1.5.50

openafsopenafsMatch1.5.52

openafsopenafsMatch1.5.53

openafsopenafsMatch1.5.54

openafsopenafsMatch1.5.55

openafsopenafsMatch1.5.56

openafsopenafsMatch1.5.57

openafsopenafsMatch1.5.58

AND

linuxlinux_kernel

VendorProductVersionCPE
ibmafs*cpe:2.3:a:ibm:afs:*:patch18:*:*:*:*:*:*
ibmafs3.6cpe:2.3:a:ibm:afs:3.6:*:*:*:*:*:*:*
ibmafs3.6cpe:2.3:a:ibm:afs:3.6:patch12:*:*:*:*:*:*
ibmafs3.6cpe:2.3:a:ibm:afs:3.6:patch13:*:*:*:*:*:*
ibmafs3.6cpe:2.3:a:ibm:afs:3.6:patch14:*:*:*:*:*:*
ibmafs3.6cpe:2.3:a:ibm:afs:3.6:patch15:*:*:*:*:*:*
ibmafs3.6cpe:2.3:a:ibm:afs:3.6:patch16:*:*:*:*:*:*
openafsopenafs1.0cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*
openafsopenafs1.0.1cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*
openafsopenafs1.0.2cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	afs	*	cpe:2.3:a:ibm:afs::patch18::::::*
ibm	afs	3.6	cpe:2.3:a:ibm:afs:3.6:::::::*
ibm	afs	3.6	cpe:2.3:a:ibm:afs:3.6:patch12::::::
ibm	afs	3.6	cpe:2.3:a:ibm:afs:3.6:patch13::::::
ibm	afs	3.6	cpe:2.3:a:ibm:afs:3.6:patch14::::::
ibm	afs	3.6	cpe:2.3:a:ibm:afs:3.6:patch15::::::
ibm	afs	3.6	cpe:2.3:a:ibm:afs:3.6:patch16::::::
openafs	openafs	1.0	cpe:2.3:a:openafs:openafs:1.0:::::::*
openafs	openafs	1.0.1	cpe:2.3:a:openafs:openafs:1.0.1:::::::*
openafs	openafs	1.0.2	cpe:2.3:a:openafs:openafs:1.0.2:::::::*