CVE-2009-1336
3.7 Low
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the encode_lookup function.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=54af3bb543c071769141387a42deaaab5074da55
rhn.redhat.com/errata/RHSA-2009-0473.html
secunia.com/advisories/35011
secunia.com/advisories/35015
secunia.com/advisories/35160
secunia.com/advisories/35324
secunia.com/advisories/35656
secunia.com/advisories/37471
www.debian.org/security/2009/dsa-1794
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23
www.openwall.com/lists/oss-security/2009/04/06/1
www.openwall.com/lists/oss-security/2009/04/17/2
www.redhat.com/support/errata/RHSA-2009-1024.html
www.redhat.com/support/errata/RHSA-2009-1077.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/34390
www.securitytracker.com/id?1022176
www.ubuntu.com/usn/usn-793-1
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/3316
bugzilla.redhat.com/show_bug.cgi?id=494074
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10859
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8495
Social References
More
Related
3.7 Low
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%