Lucene search

[email protected]CVE-2009-1633

HistoryMay 28, 2009 - 8:30 p.m.

CVE-2009-1633

2009-05-2820:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2009

1633

buffer overflow

cifs subsystem

linux kernel

denial of service

memory corruption

unicode string

nvd

vulnerability

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.0%

JSON

Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

Affected configurations

NVD

Node

linuxlinux_kernelRange<2.6.29.4

Node

debiandebian_linuxMatch4.0

debiandebian_linuxMatch5.0

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch8.04lts

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.29.4

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.29.4

References

git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=7b0c8fcff47a885743125dd843db64af41af5a61

git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=968460ebd8006d55661dec0fb86712b40d71c413

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27b87fe52baba0a55e9723030e76fce94fabcea4

lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

marc.info/?l=oss-security&m=124099284225229&w=2

marc.info/?l=oss-security&m=124099371726547&w=2

secunia.com/advisories/35217

secunia.com/advisories/35226

secunia.com/advisories/35298

secunia.com/advisories/35656

secunia.com/advisories/35847

secunia.com/advisories/36051

secunia.com/advisories/36327

secunia.com/advisories/37351

secunia.com/advisories/37471

wiki.rpath.com/Advisories:rPSA-2009-0111

www.debian.org/security/2009/dsa-1809

www.debian.org/security/2009/dsa-1844

www.debian.org/security/2009/dsa-1865

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4

www.mandriva.com/security/advisories?name=MDVSA-2009:148

www.openwall.com/lists/oss-security/2009/05/14/1

www.openwall.com/lists/oss-security/2009/05/14/4

www.openwall.com/lists/oss-security/2009/05/15/2

www.redhat.com/support/errata/RHSA-2009-1157.html

www.securityfocus.com/archive/1/505254/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/34612

www.ubuntu.com/usn/usn-793-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/3316

bugzilla.redhat.com/show_bug.cgi?id=496572

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8588

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9525

www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html

Social References

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.0%

JSON

Related for CVE-2009-1633

ubuntucve1 veracode1 prion1 seebug1 cvelist1 nvd1 nessus21 redhat3 oraclelinux3 securityvulns4 openvas30 osv3 debian3 fedora2 centos1 suse3 ubuntu1 vmware2