
CVE-2009-1046

Date: (C)2009-03-23   (M)2024-02-22


The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.7
Exploit Score: 3.4
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
BID-33672
SECUNIA-34917
SECUNIA-34981
SECUNIA-35121
DSA-1787
DSA-1800
RHSA-2009:0451
USN-751-1
http://lists.openwall.net/linux-kernel/2009/01/30/333
http://lists.openwall.net/linux-kernel/2009/02/02/364
http://www.securityfocus.com/bid/33672/info
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4

CPE    5
cpe:/o:linux:linux_kernel:2.6.28
cpe:/o:linux:linux_kernel:2.6.28.1
cpe:/o:linux:linux_kernel:2.6.25
cpe:/o:linux:linux_kernel:2.6.28.3
...
CWE    1
CWE-399
OVAL    6
oval:org.mitre.oval:def:8117
oval:org.mitre.oval:def:8300
oval:org.secpod.oval:def:600287
oval:org.secpod.oval:def:400084
...

© SecPod Technologies