[Forgot Password]
Login  Register Subscribe

23631

 
 

115036

 
 

95906

 
 

909

 
 

77949

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-1633

Date: (C)2009-05-28   (M)2017-10-04
 
CVSS Score: 7.1Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE











Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

Reference:
http://www.securityfocus.com/archive/1/archive/1/505254/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
BID-34612
SECUNIA-35217
SECUNIA-35226
SECUNIA-35298
SECUNIA-35656
SECUNIA-35847
SECUNIA-36051
SECUNIA-36327
SECUNIA-37351
SECUNIA-37471
ADV-2009-3316
DSA-1809
DSA-1844
DSA-1865
FEDORA-2009-5356
FEDORA-2009-5383
MDVSA-2009:148
RHSA-2009:1157
SUSE-SA:2009:054
SUSE-SA:2009:056
SUSE-SA:2010:012
USN-793-1
http://marc.info/?l=oss-security&m=124099371726547&w=2
http://www.openwall.com/lists/oss-security/2009/05/14/4
http://www.openwall.com/lists/oss-security/2009/05/14/1
http://www.openwall.com/lists/oss-security/2009/05/15/2
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4
http://wiki.rpath.com/Advisories:rPSA-2009-0111
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://bugzilla.redhat.com/show_bug.cgi?id=496572

CPE    264
cpe:/o:linux:linux_kernel:2.6.23.1
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.23.2
cpe:/o:linux:linux_kernel:2.6.23.3
...
CWE    1
CWE-119
OVAL    15
oval:org.secpod.oval:def:102375
oval:org.secpod.oval:def:202123
oval:org.secpod.oval:def:202070
oval:org.secpod.oval:def:500599
...

© 2013 SecPod Technologies