CVE-2009-1633

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

References

http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61

http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=27b87fe52baba0a55e9723030e76fce94fabcea4

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://marc.info/?l=oss-security&m=124099284225229&w=2

http://marc.info/?l=oss-security&m=124099371726547&w=2

http://secunia.com/advisories/35217

http://secunia.com/advisories/35226

http://secunia.com/advisories/35298

http://secunia.com/advisories/35656

http://secunia.com/advisories/35847

http://secunia.com/advisories/36051

http://secunia.com/advisories/36327

http://secunia.com/advisories/37351

http://secunia.com/advisories/37471

http://wiki.rpath.com/Advisories:rPSA-2009-0111

http://www.debian.org/security/2009/dsa-1809

http://www.debian.org/security/2009/dsa-1844

http://www.debian.org/security/2009/dsa-1865

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4

http://www.mandriva.com/security/advisories?name=MDVSA-2009:148

http://www.openwall.com/lists/oss-security/2009/05/14/1

http://www.openwall.com/lists/oss-security/2009/05/14/4

http://www.openwall.com/lists/oss-security/2009/05/15/2

http://www.redhat.com/support/errata/RHSA-2009-1157.html

http://www.securityfocus.com/archive/1/505254/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/34612

http://www.ubuntu.com/usn/usn-793-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316

https://bugzilla.redhat.com/show_bug.cgi?id=496572

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8588

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9525

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html

Details

Source: MITRE

Published: 2009-05-28

Updated: 2018-11-08

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
79460OracleVM 2.1 : kernel (OVMSA-2009-0014)NessusOracleVM Local Security Checks
high
67911Oracle Linux 4 : kernel (ELSA-2009-1211)NessusOracle Linux Local Security Checks
high
67874Oracle Linux 5 : kernel (ELSA-2009-1106)NessusOracle Linux Local Security Checks
high
60641Scientific Linux Security Update : kernel on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
60599Scientific Linux Security Update : kernel on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
59140SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6636)NessusSuSE Local Security Checks
high
48149Mandriva Linux Security Advisory : kernel (MDVSA-2009:148)NessusMandriva Local Security Checks
high
44730Debian DSA-1865-1 : linux-2.6 - denial of service/privilege escalationNessusDebian Local Security Checks
high
44709Debian DSA-1844-1 : linux-2.6.24 - denial of service/privilege escalationNessusDebian Local Security Checks
high
44621openSUSE Security Update : kernel (kernel-1908)NessusSuSE Local Security Checks
critical
43757CentOS 5 : kernel (CESA-2009:1106)NessusCentOS Local Security Checks
high
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
medium
42812SuSE9 Security Update : Linux kernel (YOU Patch Number 12541)NessusSuSE Local Security Checks
high
42465SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6632)NessusSuSE Local Security Checks
high
40609RHEL 4 : kernel (RHSA-2009:1211)NessusRed Hat Local Security Checks
high
39586Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : linux, linux-source-2.6.15 vulnerabilities (USN-793-1)NessusUbuntu Local Security Checks
high
39430RHEL 5 : kernel (RHSA-2009:1106)NessusRed Hat Local Security Checks
high
38990Debian DSA-1809-1 : linux-2.6 - denial of service, privilege escalationNessusDebian Local Security Checks
high
38931Fedora 9 : kernel-2.6.27.24-78.2.53.fc9 (2009-5383)NessusFedora Local Security Checks
high
38906Fedora 10 : kernel-2.6.27.24-170.2.68.fc10 (2009-5356)NessusFedora Local Security Checks
high
801470CentOS RHSA-2009-1106 Security CheckLog Correlation EngineGeneric
high