CVE-2009-1633
4.9 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
55.4%
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.
References
git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=7b0c8fcff47a885743125dd843db64af41af5a61
git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git%3Ba=commit%3Bh=968460ebd8006d55661dec0fb86712b40d71c413
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27b87fe52baba0a55e9723030e76fce94fabcea4
lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
marc.info/?l=oss-security&m=124099284225229&w=2
marc.info/?l=oss-security&m=124099371726547&w=2
secunia.com/advisories/35217
secunia.com/advisories/35226
secunia.com/advisories/35298
secunia.com/advisories/35656
secunia.com/advisories/35847
secunia.com/advisories/36051
secunia.com/advisories/36327
secunia.com/advisories/37351
secunia.com/advisories/37471
wiki.rpath.com/Advisories:rPSA-2009-0111
www.debian.org/security/2009/dsa-1809
www.debian.org/security/2009/dsa-1844
www.debian.org/security/2009/dsa-1865
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.4
www.mandriva.com/security/advisories?name=MDVSA-2009:148
www.openwall.com/lists/oss-security/2009/05/14/1
www.openwall.com/lists/oss-security/2009/05/14/4
www.openwall.com/lists/oss-security/2009/05/15/2
www.redhat.com/support/errata/RHSA-2009-1157.html
www.securityfocus.com/archive/1/505254/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/34612
www.ubuntu.com/usn/usn-793-1
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/3316
bugzilla.redhat.com/show_bug.cgi?id=496572
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8588
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9525
www.redhat.com/archives/fedora-package-announce/2009-May/msg01126.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg01271.html
Social References
More
Related
4.9 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
55.4%