CVE-2009-1439
4.2 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.115 Low
EPSS
Percentile
95.2%
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
References
blog.fefe.de/?ts=b72905a8
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b363b3304bcf68c4541683b2eff70b29f0446a5b
lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html
lists.samba.org/archive/linux-cifs-client/2009-April/004322.html
secunia.com/advisories/34981
secunia.com/advisories/35011
secunia.com/advisories/35120
secunia.com/advisories/35121
secunia.com/advisories/35185
secunia.com/advisories/35217
secunia.com/advisories/35226
secunia.com/advisories/35343
secunia.com/advisories/35387
secunia.com/advisories/35390
secunia.com/advisories/35394
secunia.com/advisories/35656
secunia.com/advisories/37471
wiki.rpath.com/Advisories:rPSA-2009-0084
www.debian.org/security/2009/dsa-1787
www.debian.org/security/2009/dsa-1794
www.debian.org/security/2009/dsa-1800
www.openwall.com/lists/oss-security/2009/04/04/1
www.openwall.com/lists/oss-security/2009/04/07/3
www.openwall.com/lists/oss-security/2009/04/07/7
www.redhat.com/support/errata/RHSA-2009-1081.html
www.securityfocus.com/archive/1/503610/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/34453
www.ubuntu.com/usn/usn-793-1
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/3316
xorl.wordpress.com/2009/04/07/linux-kernel-tree-connect-cifs-remote-buffer-overflow/
bugzilla.novell.com/show_bug.cgi?id=492282
bugzilla.redhat.com/show_bug.cgi?id=494275
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10321
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8265
www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html
Social References
More
Related
4.2 Medium
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.115 Low
EPSS
Percentile
95.2%